Carnegie Mellon University Website Home Page

Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords

(US Eastern Time)
DAY: Wednesday
DATE: April 4, 2012

AFFECTED USERS: Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion)

SUMMARY: Carnegie Mellon is detecting an increased number of infected computers related to new malware called "Flashback." Flashback infects MAC OS X computers by exploiting vulnerabilities in Java. FlashBack steals usernames and passwords for online payment, banking and credit card websites without user interaction.

To protect your Mac computer from infection, please follow the steps below:

  1. Run the latest Apple security updates for your Mac operating system. Updates are found at:
  2. Install and run Symantec Anti-Virus software from the Computing Services website at:

MORE INFORMATION: For more information visit Apple security alert at

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.