Apple releases Flashback removal tools for OS X 10.5

Apple's updates help protect Leopard users from Java and Flash-based attacks.

In September 2011, Apple stopped software support for OS X 10.5 in favor of OS X 10.6 or later, including security updates for the older OS. However, in light of the recent malware attacks that have left users of OS X 10.5 vulnerable to exploit, and perhaps following recent criticism of its approaches to security, Apple has issued new tools to help users of OS X 10.5 better secure their systems.

After Flashback malware hit headlines in early August, a number of security companies released Flashback detection and removal tools that automated the manual steps for removing the malware from OS X systems.

Apple followed these with an update of its own, which included its Malware Removal Tool (MRT) package. Unlike other offerings, this tool is built to run once, remove instances of known malware, and then remove itself. This approach is minimalistic, but will allow users to do a one-time check of their system to ensure they are free of the Flashback malware. When this tool was released, Apple initially only made it available to OS X 10.7 and 10.6 users, which left a number of those still using 10.5 Leopard (about 16.4 percent) to rely on third-party tools for managing the malware threat.

Today Apple has made available its MRT package for 10.5 Leopard users in a software update called Flashback Removal Security Update, which should be available via Software Update for those with Leopard, but can also be downloaded from the Apple Support Web site.

Along with the MRT tool, the security update includes a Java disabling utility, which will turn off Java in Safari's "Security" preferences for all users on the system. This should help those who do not use Java, but for those who need it, Java will not work until you re-enable it in your Web browser. The setting for this should be fairly obvious in the Security section of Safari's preferences, but Apple has a knowledgebase article that covers how to do this as well.

This approach to the Flashback problem prevents users from being vulnerable to Java-based threats without having to issue an updated runtime that closes the security holes. Unfortunately, this means that the Java installations on OS X 10.5 systems will technically still be vulnerable to recent security holes, though without a Web interface through the Java plug-in, the avenue used by the recent attacks will be closed by default.

In addition to these updates for managing Java-based threats, Apple has released Leopard Security Update 2012-003, which installs tools that will disable Adobe Flash player when a new version is available. This feature is similar to the recent Safari 5.1.7 update, which will automatically disable Flash when a new version is out. The update will install a "FlashUpdaterAgent" tool in the system's CoreServices folder, which will perform the periodic checks and then manage the Flash plug-in accordingly.

These updates for OS X should keep Leopard users safer from recent malware developments, and also help ensure they stay safe from future ones if they occur.

Questions? Comments? Have a fix? Post them below or email us!
Be sure to check us out on Twitter and the CNET Mac forums.