According to security researchers, cyber criminals are exploiting an un-patched Java vulnerability o infect Apple’s Mac computers through a new version of the Flashback malware.

The Flashback malware Trojan horse designed to target Mac OS users was first spotted in September 2011. The older version of the malware was distributed as a fake Flash Player installer but the newer versions have evolved substantially in functionality and ways of spreading.

Security researchers from antivirus firm F-Secure said that criminals are using the newest version to infect Mac computers by exploiting venerability in Java that has not been patched by Apple. The Java vulnerabilities, which were exploited by a new version of Flashback version in February, were dated back to 2009 and 2011 and thus the users with updates version of Java were protected.

However, the newest version of the malware, ‘Flashback. K’ is capable of exploiting an unpatched Java vulnerability to infect computers. Oracle, the maker of Java, has released a fix for the targeted vulnerability in February and it was included in an update for the Windows version of Java.

The venerability identified as CVE-2012-0507 has been patched by Microsoft but Apple is yet to update the program and protect its users.