Apple releases Java update to protect OS X users against the vulnerability used to hack its employees

Apple recently announced that they have been attacked by the same hackers that hit Facebook. Apple state that a small number of their employees' systems were infected but no data appears to have been stolen. A statement given by Apple to All Things D notes that this was the same Java zero-day bug that was used to attack Facebook.

Apple have now taken the step to protect Mac OS X users by releasing an update to repair the vulnerability used to hack into their employees’ systems.

Here is the summary of the update:

Java for OS X 2013-001 delivers improved security, reliability, and compatibility for Java SE 6. Java for OS X 2013-001 supersedes all previous versions of Java for OS X.

This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.

The security information:

Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13.

The update can be found under Apple menu > Software Update, or in the software update section of the Mac App Store. Some users might have already got a notification on their Mac to let them know that a software update is available. There is an update to iTunes as well. It's highly recommended that users update their machines.
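
To confirm that a Mac running OS X 10.7 or later actually received the fix, the version banner can be compared against 1.6.0_41, the fixed build named in the security information above. The script below is an added example, not part of Apple's update or the original article; the function name `classify_java_banner` and the sample banners are constructed, and it assumes the usual `java version "1.6.0_NN"` banner format.

```shell
#!/bin/sh
# Added example: classify a `java -version` banner against the fixed
# Apple Java SE 6 build named in the advisory (1.6.0_41).
FIXED_UPDATE=41   # from the advisory: Java SE 6 version 1.6.0_41

# classify_java_banner "<first line of java -version output>"
# Prints one of: patched, vulnerable, not-java6, unparseable
classify_java_banner() {
    # Extract the quoted version string, e.g. 1.6.0_37 or 1.6.0_41-b02
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    [ -n "$ver" ] || { echo unparseable; return; }
    case "$ver" in
        1.6.0_*) ;;                            # Java SE 6 with an update number
        1.6.0)   echo vulnerable; return ;;    # base release, never updated
        *)       echo not-java6; return ;;     # outside this advisory's scope
    esac
    upd=${ver#1.6.0_}        # keep only the part after the underscore
    upd=${upd%%[!0-9]*}      # drop any build suffix such as -b02
    [ -n "$upd" ] || { echo unparseable; return; }
    if [ "$upd" -ge "$FIXED_UPDATE" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample banners (not captured from real machines).
for banner in \
    'java version "1.6.0_37"' \
    'java version "1.6.0_41"' \
    'java version "1.6.0_43-b01"' \
    'java version "1.7.0_13"' \
    'No Java runtime present, requesting install.'
do
    printf '%-48s %s\n' "$banner" "$(classify_java_banner "$banner")"
done
```

On a real machine, pass it the first line of `java -version 2>&1`, since the banner is written to standard error. A `not-java6` result means the runtime is not the Apple-provided Java SE 6 covered here and has to be checked against its own vendor's advisories.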