The vulnerability in Java that Flashback exploits was patched in February by Oracle (which inherited Java as part of its acquisition of Sun Microsystems). But Apple waited nearly two months to update OS X with that patched version. …
Apple has made incredible strides in improving the security of its products, but its delayed patching of known vulnerabilities is still a problem.
I’ve already had a few normal people (non-geeks) ask me about Flashback. It’s huge. It has significantly damaged the Mac’s reputation among consumers of being a safe, malware-free platform.
Apple has always been embarrassingly slow to issue patches for known vulnerabilities. This one’s inexcusable. It’s time for Apple to make significant personnel and policy changes around software security.