Carnegie Mellon University
April 04, 2012

Action Needed-Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords

AFFECTED USERS: Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion)

SUMMARY: Carnegie Mellon is detecting an increased number of infected computers related to new malware called "Flashback." Flashback infects MAC OS X computers by exploiting vulnerabilities in Java. FlashBack steals usernames and passwords for online payment, banking and credit card websites without user interaction.

WHAT YOU NEED TO DO:
To protect your Mac computer from infection, please follow the steps below:

  1. Run the latest Apple security updates for your Mac operating system. Updates are found at:http://support.apple.com/kb/HT1338.
  2. Install and run Symantec Anti-Virus software from the Computing Services website at:http://www.cmu.edu/computing/software/all/symantec/download.html.

MORE INFORMATION: For more information visit Apple security alert at http://support.apple.com/kb/HT5228.

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.