"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers, the Cupertino, California-based firm said. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple."
Facebook revealed on Friday that hackers had staged a sophisticated attack by infiltrating its employees' laptops, but no user information was compromised.
Apple said it was working with law enforcement to track down the hackers. The company has already taken measures to protect users from vulnerabilities in Java. To protect Mac users that have installed Java, today the company also releasied an updated Java malware removal tool that will check Mac systems and remove this malware if found.
The update addresses an exploit used to attack some of Apple's own Macs. Java for OS X 2013-001 1.0 updates Apple's Java implementation of Java SE 6 to version 1.6.0_41, and is being released for OS X Lion and Mountain Lion.
Apple's patch notes in full:
- This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.
- This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.
- This update also removes the Java Preferences application, which is no longer required to configure applet settings.
The update is available the Mac App Store.