An estimated 600,000 Macs were infected by the Flashback trojan earlier this month. The botnet apparently collected personal information and web browsing logs. It exploited a Java security hole that, while patched by Oracle some time ago, had not been fixed by Apple.
Apple has now released a removal tool that will deal with “most common variants” and has patched the exploit in its Java package. It is available via Software Update.
While it is likely that most infections were due to the Java vulnerability, a number of Flashback versions also use social engineering tricks to fool users into installing them. As a result, Apple has also released a standalone Flashback removal tool for Mac OS X Lion installations that don’t have Java.
Read more: Java version and Non-Java version