How Apple Is To Blame For The Flashback Malware Outbreak

This article is more than 10 years old.

The Flashback malware is now estimated to have infected almost 2 percent of Mac systems. If that number is accurate, then it's safe to call this outbreak an epidemic, and that means that it's time to point fingers and lay the blame for this outbreak where it belongs – at Apple's door.

Now you might be wondering how a malware outbreak is Apple's fault. After all, the malware relies on vulnerabilities in Oracle's Java platform to take systems over, and not on a vulnerability in OS X. Also, I think it's safe to assume that Apple didn't create the malware either! So surely it's Oracle that's to blame for this mess and not Apple?

No. Apple is to blame for this outbreak, and here's why. While Java is an Oracle product, and Oracle is responsible for pushing updates out to Windows and Linux users that have Java installed on their PCs, things work differently on the Mac platform. Here Apple is in charge of patching Java, not Oracle, and this is where the problems begin. Apple is notorious for being glacially slow when it comes to patching vulnerabilities in the Java platform, taking on average an additional six months to come out with patches. These delays are bad because they give hackers time to examine the Oracle updates, figure out what the patched vulnerabilities were, and then target those vulnerabilities on Macs.

And this is exactly what happened with Flashback.

Note: This is why it is vitally important to apply security updates to operating systems in a timely fashion. Hackers are quick to examine the code and discover what the patch fixes. They are then free to go away and target people who, for whatever reason, have not applied the update.

Oracle issued a patch for the vulnerabilities used by Flashback on February 17, but updates weren't made available to Mac users until April 2. This means that hackers had six weeks to discover the vulnerability in Java and begin exploiting it with Flashback before Apple rolled out updates to its users. And it's this delay that has resulted in over 650,000 compromised Mac systems and the creation of one of the largest botnets on the planet.

This outbreak was preventable, and if Apple had released Java updates in a timely fashion Flashback wouldn't have become the problem that it now is for hundreds of thousands of Mac owners who thought Apple had them covered.

Think Apple's got your back? Think again!