????蘋果操作系統安全性相對較高，我已經就該主題發表過幾篇文章，也從PC用戶那里獲得了很多這樣的反饋【參見《為什么蘋果電腦不會中病毒》（Why are there no Mac viruses）】。因此，我覺得有必要告訴大家，蘋果操作系統目前似乎正在經歷迄今為止最為嚴重的惡意軟件攻擊。

????根據俄羅斯大蜘蛛防病毒軟件公司（Dr.Web）上周三發布的一份報告，稱Flashback木馬已經對全球范圍內超過55萬臺Mac電腦的安全造成了威脅。

????Dr. Web已經針對微軟Windows系統若干種版本的Flashback木馬提供了殺毒程序。它對蘋果電腦遭遇的木馬病毒變種描述如下：

????這種病毒變種會用Java語言代碼來裝載包含漏洞利用（exploit）的Java小應用程序，然后把可執行文件保存至中毒的Mac電腦硬盤。病毒利用該文件從遠程服務器下載惡意負載并啟動。依照從服務器獲取的指令，它能獲取并運行任何可執行文件。

????甲骨文公司（Oracle）在2010年收購太陽微系統公司（Sun Microsystems）后承擔了Java程序語言的責任，并于今年2月份發布了漏洞更新。科技博客Ars Technica的程雅基稱：“Flashback最新變種的消息流傳開之后，蘋果公司直到上周初才發布了補救措施。”

????i該補救措施是蘋果操作系統軟件更新Java for OS X 2012-001的一部分。用戶可以在“系統設置”下的“軟件更新”中找到。如果要檢查自己的Mac是否中毒，可以根據 F-Secure殺毒軟件的查毒指南，使用“實用程序文件夾”的“終端應用軟件”來排查木馬：

????Having written several times -- and taken a lot of heat from PC users -- about the relative security of Apple's (AAPL) operating systems (See Why are there no Mac viruses), I feel obliged to report that Mac OS X is under what appears to be the most serious malware attack to date.

????According to a report posted Wednesday by Dr. Web, a Russian anti-virus vendor that may have a stick in this fire, the security of more than 550,000 Macs around the world have been compromised by the Flashback trojan.

????Dr. Web, which sells an antidote for the versions of Flashback that run on Microsoft (MSFT) Windows machines, describes the Mac variant like this:

????JavaScript code is used to load a Java-applet containing an exploit... The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it...It may get and run any executable specified in a directive received from a server.

????Oracle (ORCL), which assumed responsibility for the Java programming language when it acquired Sun Microsystems in 2010, released a fix for the vulnerability in February. According to Ars Technica's Jacqui Cheng, "Apple didn't send out a fix until earlier this week, after news began to spread about the latest Flashback variant."

????The fix is part of the OS X software update called Java for OS X 2012-001. You'll find it in Software Update in System Preferences. If you think one of your Macs is infected, F-Secure has instructions on how to use the Terminal application in your Utilities folder to find out: