Jeroen Frijters describes himself as an “accidental” hacker, a guy who trips over security holes the way a pedestrian stumbles over a sidewalk crack. In July the Dutch software engineer discovered the Grand Canyon of sidewalk cracks: a serious vulnerability in Java, one of the most widely used programming languages and a building block of many websites. He reported the flaw to Oracle, which oversees Java.
About nine months later, that bug has enabled the largest malware attack ever to target Apple computers. Since the end of March, more than 600,000 Macs have been infected by a virus known as Flashback. The attack, disclosed on April 4 by a little-known Russian antivirus company called Doctor Web, has mainly affected computers in the U.S. That includes a few hundred Macs in Apple’s hometown of Cupertino, Calif., suggesting some employees at the world’s most valuable company may have caught the virus. The incident has shattered the sense of invulnerability felt by many users of Apple products, which generally face fewer security risks than those running Windows.