Apple has issued a security update targeting malware that is estimated to have infected more than 650,000 Mac computers running the OS X operating system.

The Java update made available for download Thursday removes the most common variants of "Flashback," a type of malware known as a trojan. The update also configures the user's web browser not to automatically run Java applets.

The Java update made available for download Thursday removes the most common variants of the Flashback trojan. (Tim Wimborne/Reuters) Apple said the update is recommended for all Mac users with Java installed.

The malware can also be detected and removed by some commercial, third-party antivirus software packages, or it can be removed manually by advanced users.

Apple had released a previous Java update on April 3 that fixes the Java security flaw that allows computers running OS X v10.7 and Mac OS X v10.6 to become infected. But the patch did not affect earlier versions of the operating system.

Security experts also noted that the April 3 patch did not remove existing infections, which would have made affected computers part of a botnet of thousands of computers that can be remotely controlled by special servers to conduct activities such as delivering spam and taking part in denial-of-service attacks.

The Russian antivirus software maker Dr. Web estimated on April 4 that almost 20 per cent of Flashback infections were in Canada.

Apple was criticized by some security experts for its slow response to Flashback, as the Java vulnerability had been publicly known for months, and was patched for the PC operating systems Windows, Linux and Unix back in February.

Macs have traditionally been rarely targeted by the makers of malicious software, who have tended to focus instead on PCs.