A new version of a well-known family of Mac malware exploits vulnerabilities in Java to steal usernames and passwords. Flashback.G is the first variant of the Trojan horse to use an attack vector that doesn’t require any user interaction. Apple no longer packages Oracle’s Java with its Mac operating system, but Apple continues to issue Java security updates to people running Lion as well as Mac OS X 10.6, better known as Snow Leopard. The malware is, of course, not signed by Apple, tries to trick the user into manually installing the malware.”]
Source: https://www.csoonline.com/article/2131027/new-mac-malware-exploits-java-bugs–steals-passwords.html