Apple said its computer systems have been breached by the same attackers that targeted Facebook.
But the company said only a few computers were affected and there was no evidence of data theft.
Last week, Facebook revealed that its systems had been attacked in January after a few employees visited a mobile developer site that was compromised.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” the company said in a statement.
Facebook’s initial investigations revealed that the attack used a zero-day exploit to bypass the Java sandbox to install the malware. The Java vulnerability was patched by Oracle on 1 February.
The latest attack shows criminal hackers are investing more time in studying the Mac OS X operating system so they can attack Apple computers
Apple said the malware was spread through a website for software developers and was used in an attack against Apple and other companies, which some reports said include Twitter as well as Facebook.
In early February, Twitter reset the passwords of 250,000 accounts after detecting and shutting down a hacker attack.
Apple has taken measures to protect customers from vulnerabilities in Java and will release a software update to protect against the malicious software used in the attack, according to the BBC.
"Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days," the company said.
"To protect Mac users that have Java installed, we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found."
More on zero-day exploits
- Private market growing for zero-day exploits and vulnerabilities
- Oracle rushes out patches for Java zero-days
- Zero-day exploit for Yahoo Mail goes on sale
- Adobe investigates zero-day that bypasses Reader X sandbox
- Java zero-day vulnerability hits Metasploit and Blackhole
- Aurora attackers target defence firms, use flurry of zero-days
- European aeronautical supplier hit by Microsoft zero-day exploit
- Despite Windows 8 zero-day, vendors laud security of new Microsoft OS
Apple is working with law enforcement agencies to find the source of the malware.
Security firm F-Secure said the attackers might have been trying to access the code for apps on smartphones, seeking a way to infect millions of users.
The company urged developers to check their source code for unintended changes, according to the Guardian.
Other security researchers said the latest attack shows criminal hackers are investing more time in studying the Mac OS X operating system so they can attack Apple computers, the paper said.