Apple recently announced that they have been attacked by the same hackers that hit Facebook. Apple state that a small number of their employees' systems were infected but no data appear to have been stolen. A statement given by Apple to All Things D notes that this was the same Java zero-day bug that was used to attack Facebook.
Apple have now taken the step to protect Mac OS X users by releasing an update to repair the vulnerability used to hack into their employees’ systems.
Here is the summary of the update:
Java for OS X 2013-001 delivers improved security, reliability, and compatibility for Java SE 6. Java for OS X 2013-001 supersedes all previous versions of Java for OS X.
This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.
This update also removes the Java Preferences application, which is no longer required to configure applet settings.
The security information:
Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13.
The update can be found under Apple menu > Software Update or in the software update section of the Mac App Store. Some users might have already received a notification on their Mac to let them know that a software update is available. There is an update to iTunes as well. It’s highly recommended that users update their machines.