Apple has released a security update for its Mac OS X operating system to protect against the malicious software used in an attack on the company’s computer systems.
The patch means users will have the most up-to-date version of the Java platform.
Additional measures by Apple – which have been in place for most Mac users for some time – include automatically disabling Java if it is not used for 35 days.
The Java update to Mac OS X was released less than 24 hours after Apple admitted that some of its employees computers had been infected with malware spread through a compromised developer website.
Apple said the malware exploited a vulnerability in the Java plug-in for browsers that was also used to target computers at Facebook. The malware has also been linked to a recent breach at Twitter.
On Tuesday (19 February 2013), Apple admitted it had identified a small number of systems in Apple, but said there was no evidence that any data had been stolen.
Read more about zero-day exploits
- Private market growing for zero-day exploits and vulnerabilities
- Oracle rushes out patches for Java zero-days
- Zero-day exploit for Yahoo Mail goes on sale
- Adobe investigates zero-day that bypasses Reader X sandbox
- Java zero-day vulnerability hits Metasploit and Blackhole
- Aurora attackers target defence firms, use flurry of zero-days
- European aeronautical supplier hit by Microsoft zero-day exploit
- Despite Windows 8 zero-day, vendors laud security of new Microsoft OS
Security analysts said the attack on Apple computers showed criminal hackers are investing more time in studying the Mac OS X operating system, which had been little-targeted in the past.
Despite Apple’s quick action since admitting the attack on its systems, the company faced criticism for not acting sooner.
Paul Ducklin, head of technology for security firm Sophos, said in a blog post it was a pity Apply did not issue the Java update at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off.
However, he notes that Apple did push out a patch early in February, but only for Mac OS X 10.6 users. “Mac OS X Lion and Mountain Lion users have been in limbo until now,” Ducklin wrote.
Graham Cluley, senior security consultant at Sophos, told the BBC it was difficult to pinpoint the source of attacks. Cluley noted that, even if an attack comes from a Chinese computer, that computer could have been hijacked.
Cluley suggested it was likely most developed countries in the world, including the UK, were engaging in some cyber activity.
"In the past foreign secretary William Hague has said he would take pre-emptive strikes against foreign hackers if necessary," said Cluley.
"We've well and truly entered this new era of cyber crime. It's now very much about stealing information, spying and of course intelligence services care a lot about that.”
In November 2012, a survey revealed nearly two-thirds of UK citizens back pre-emptive cyber strikes on foreign states that pose a credible threat to national security, but 46% of those believe it depends on the level of threat posed.
Some 45% of all respondents said they believe the UK government needs to step up its protection of national assets and information against cyber security threats; 42% think the threat of international cyber war and cyber terrorism is something that needs to be taken very seriously.
Only 18% considered pre-emptive attacks on enemy states to be unjustified. Just 10% said the government is doing enough to protect the nation from cyber security threats.