Both Windows and Mac users are protected if they are up-to-date on security patches.
QUOTE: A malware attack called Flashback infested well over a half-million Macs last week by exploiting a Java vulnerability. All Mac users have since updated to Apple’s recently-released Java update, thereby rendering all Flashback variants powerless. Right. In your dreams! In the real world, hundreds of thousands of Macs remain infested, and a new threat has surfaced that gains entry using the same exploit but goes on to wreak even more havoc.
According to a post by Graham Cluley on Sophos’s Naked Security blog, Sophos researchers determined that this new threat is attacking both Mac and Windows computers through the same Java vulnerability Flashback used. Windows users who permit automatic updates should be safe, as Microsoft patched the vulnerability in mid-February. Windows and Mac users who haven’t updated are vulnerable.