(LiveHacking.Com) – Apple has revealed that a small number of its computers where hacked by the same group who recently targeted Facebook. The iPhone-maker said it has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. As a result Apple has released some updates for Java and Mac OS X 10.6.
Java for OS X 2013-001 and Mac OS X v10.6 Update 13 are now available and addresses the following:
- Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- Multiple vulnerabilities existed in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
The Java updates are available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.x, OS X Lion Server v10.7.x, OS X Mountain Lion 10.8.x.
Apple also released a update to its malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days
