Apple has pushed out a new Java update to address the malware loophole that saw hackers attempt to extract data from the company, stripping out the Apple-provided browser plugin in the process. The update, which follows Apple’s confirmation that a “small number” of its systems had been compromised by an unknown hacking group, removes the Java applet plugin from all browsers on an OS X 10.7+ machine.
If the user subsequently wants to access Java applets, they’ll see a “Missing plug-in” warning in the page; clicking that will go to Oracle, to download the newest official version. In the process, the update also removes the Java Preferences application, which Apple says is no longer required.
The malware response follows the identification of several loopholes in Java, one of which allowed the hackers to compromise some of Apple’s own systems. “Multiple vulnerabilities existed in Java 1.6.0_37,” the company writes in its security alert, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.”
A Java flaw is believed to have been at the root of Facebook’s hack incident earlier this month, with the social network’s own systems targeted. Oracle itself documented the problem back at the start of February, reacting to security warnings which saw several firms recommend all Java implementations be shut down as a precaution.
Apple maintains that “there was no evidence that any data left” the company, and has pushed out the new update as both a standalone patch and via the Software Update tool in OS X.