Although we don’t always hear about Apple having security breaches, it was reported last Tuesday that some of their employees’ computers have been targeted by hackers from China. The hackers are the same cyber criminals who infiltrated computers belonging to Facebook employees last week.
In an email sent by Apple to Apple-centric website Macworld:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.
Java Update from Apple
As promised, Apple released a Java update late last Tuesday for Mac OS X 10.7 or later. The said update patches a number of security vulnerabilities, as well as scans for the most common variants of the malware and removes them. Once the malware is found, the user will receive a notification regarding its removal.
The patch also updates Apple’s version of Java 1.6.0_41. It is available by selecting Software Update from the Apple menu or visiting Mac App Store and clicking on Updates. Users of the Snow Leopard operating system can check Software Update or download the Java for Mac OS X 10.6 Update 13, which patches the same vulnerability.
Together with it is the Cupertino-based company’s recent Java policy. These downloads will disable Apple’s built-in Java plug-in, and users who will run the applets in their browser will be prompted to download the latest version of Oracle’s Java plug-in.
As of the moment, Apple is only the latest target in a recent wave of cyber attacks, which have hit institutions like The New York Times and the Wall Street Journal, together with tech companies like Facebook and Twitter. Most of those attacks have been tracked back to China.