Fresh off the news that Macs at Apple’s corporate headquarters were hacked through (yet another) Java exploit, Apple has released an update for Java that closes that hole, and also disables Java on Macs that have not used the applet in over 30 days. The update is available to all OS X users running 10.7 or 10.8 who have either not manually uninstalled or disabled Java themselves.
Labeled as Java for OS X 2013-001, the update is available now through Software Update and is recommended for all Mac users to install as soon as possible:
- Open the Apple menu and choose “Software Update”
- Locate and install “Java for OS X 2013-001”
The update is available through the Mac App Store for OS X Mountain Lion users.
Release notes accompanying the Java update are as follows:
Java for OS X 2013-001 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.
On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled “Missing plug-in” to download the latest version of the Java applet plug-in from Oracle.
Please quit any web browsers and Java applications before installing this update.
The update is aimed to address the security exploit that was used against Apple, which was first reported by Reuters earlier today:
Apple Inc was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date.
Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement provided to Reuters.
Other reports indicate the attack specifically created an open SSH connection on the targeted Macs, potentially allowing for remote access.
Java is frequently a source of malware and security problems on many computers, and it remains one of the few attack vectors that hackers can target Mac users through. Disabling Java system-wide and in web browsers is highly recommended for individuals who do not need it active either for development purposes or for access to certain banking websites. Those concerned about potential malware and trojans in OS X can read our article on some common sense tips to avoid infecting Macs.