As it promised it would, Apple has released another Java update for OS X, this time one that removes Flashback from infected Macs.
The Flashback Trojan horse may have infected more than half a million Macs; it could install without a password if the victim merely visited a maliciously crafted website.
Apple released an update patching the Java vulnerabilities exploited by Flashback earlier this month. Thursday’s additional Java update goes a step further, removing the most common variants of the Flashback malware.
The update also reconfigures the Java plug-in so that it disables automatic execution of Java applets by default. If you prefer to live dangerously, you can re-enable automatic Java applet execution by running the Java Preferences app ensconced comfortably in your /Application/Utilities folder. After an indeterminate period of your not having run any Java applets, however, your Mac will automatically disable auto-execution again.
Apple unsurprisingly recommends the update to all Mac users who have Java installed. The update is available via Software Update; at this writing, it’s not yet appearing on Apple’s Support Downloads site.