Carnegie Mellon University Website Home Page

SECURITY ALERT: Action Needed: Run Apple Security Update to Remove Flashback Malware

(US Eastern Time)
DAY: Friday
DATE: April 13, 2012


Individuals using Mac OS X 10.6+


Over the last several days, Carnegie Mellon has seen a rise in MAC OS X computers being infected by malware called "Flashback." As a result, Computing Services is suspending infected computers from the university network.

In its April 4, 2012 security alert, Carnegie Mellon urged MAC OS X users to run the latest Apple security updates to protect against Flashback infections. Flashback steals usernames and passwords for online payment, banking and credit card websites without seeking authorization from the user. Apple has released a new update that will remove current variations of Flashback and also take additional steps to prevent future Flashback infections.


Run the Apple OS Software Update for your Mac operating system:
1.    Go to Apple > Software Update.
2.    Once Software Update has run, install all available updates.
3.    If prompted, enter an administrator account name and password.
4.    Click Install.
5.    If prompted, restart your computer.

Additional instructions are available through Apple Support:

NOTE: If you are using Mac OS X 10.5 or below, you should upgrade to a newer operating system and then run Software Update as described above.


More information on Apple’s most recent security update to remove and protect against further Flashback infections is available at:

As a security measure, this update will disable automatic execution of Java applets. You can manually execute Java applets if you encounter applets on a Web page.


Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.