Russian security firm Doctor Web (via Ars Technicia) claims that attackers began to exploit the Java vulnerability on March 16th which Apple closed with the release of the Java update on April 3rd. Apple released a Java 1.6.0_31 update for OS X on Tuesday. The patch closes multiple vulnerabilities found in Java 1.6.0_29, the most serious of which allows malicious code to be executed just by visiting a compromised website. Dr. Web now estimates that about 600,000 Macs, most of which reside in the US (55 percent) and Canada (19.8 percent), are now infected members of the Flashback botnet. Security Company F-Secure has instructions for detecting and deleting the Flashback botnet on infected computers. The update is available from Software Update on any Mac running Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, or Lion Server v10.7.3.
