Security watchers have discovered a strain of Mac-specific malware that exploits an unpatched vulnerability in Java.

A variant of the Flashback Trojan exploiting CVE-2012-0507 (a Java vulnerability) has been spotted in the wild, F-Secure warns.

F-Secure advises users to disable Java, which isn't needed to surf the vast majority of websites, on their Mac, as explained in an earlier blog post here.

Some banking websites mandate the use of Java, in which case security-conscious Mac fanbois can re-enable Java for the duration of their session before turning it off again, the Finnish security firm suggests. ®

Related stories

• Dr. Web disputes Flashback Mac Trojan bot army estimates (25 April 2012)
• Yet another OSX/Java Trojan spotted in the wild (15 April 2012)
• Apple finally deploys Mac Flashback Trojan terminator (13 April 2012)
• Australia OKs iOS for classified comms (13 April 2012)
• Apple trails behind world+Microsoft in 'Flashback' malware debacle (11 April 2012)
• 550,000-strong army of Mac zombies spreads across world (5 April 2012)
• Apple plugs Java hole after Flashback Trojan intrusion (4 April 2012)
• New password-snatching Mac Trojan spreading in the wild (24 February 2012)
• Flashback trojan targeting OS X shuns virtual machines (13 October 2011)
• Mac security update leaves users open to ugly Flashback (27 September 2011)