The malware is a new variant of the Flashback, a password-stealing trojan. The latest strain takes advantage of a flaw in Java — CVE-2012-0507, according to F-Secure — which was patched by Oracle in February. But Apple has yet to push the update to its Mac OS X platform.
As users await a patch, an F-Secure threat researcher who goes by “Brod” suggested on Monday that they disable Java in their browsers to avoid falling victim to the exploit, which is being delivered via malicious web pages.
Read more: SC Magazine