Security researchers at the Finland-based antivirus firm F-Secure have revealed that cybercriminals are apparently exploiting a Java vulnerability, which is still unpatched in Apple's OS X, to target Mac computers with a new variation of the Flashback malware which was first detected in September last year.
According to the researchers, while the original variant of the Flashback malware was distributed in the form of a phony Flash Player installer, the latest malware package essentially exploits a Java flaw with the aim of stealing personal data by injecting code into Web browsers as well as other applications on an OS X system.
With the new malware having changed notably from the first variant, both in terms of distribution mechanism and functionality, the malicious code works in such a way that the launch of the infected programs triggers the malicious code's attempts of uploading screenshots and other personal data to the remote servers it can contact.
Though most of the recent Flashback malware variants used exploits for the earlier patched flaws, the latest variant discovered by F-Secure security researchers seemingly takes advantage of January-discovered Java vulnerability - dubbed CVE-2012-0507 - which is yet to be patched by Apple for its OS X.
Noting that the latest Flashback malware variant effectively circumvents Apple's built-in malware scanner XProtect to exploit the unpatched Java for OS X vulnerability, the F-Secure security researchers have suggested that the users of Java for OS X should disable their Java client so as to prevent the malware from becoming "an outbreak."