Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement provided to Reuters.
The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp’s Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.
“This is the first really big attack on Macs,” said the source, who declined to be identified because the person was not authorized to discuss the matter publicly. “Apple has more on its hands than the attack on itself.”
Surprise, surprise: the attack vector was Java, which is so insecure it could legitimately be considered a Trojan horse. As for Apple having “more on its hands than the attack on itself,” this is how they’re dealing with it:
“Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found,” the company said.
Via The Loop.