Shortly after Apple confirmed that some employee Macs were infected with malware that used a Java, Oracle released the 15 plugin update (Java SE 7u15).
According to the company, the version includes important security fixes (as always) and it recommends that all Java SE 7 users upgrade. The update can be downloaded either from the Java panel (Java System Preferences Update Update Now) and the Oracle website.
We will see if Oracle really made the Java plugin more secure or if it remains a cheese, with many vulnerabilities that some crackers love and exploit so much.
(tip from Anderson Silva)
Like Oracle, Apple also released its update, the Java for OS X 2013-001 1.0. The update improves security, reliability and compatibility by updating Java SE 6 to version 1.6.0_41.
On systems where Java for OS X 2012 006 1.0 has not yet been installed, the update will disable the plugin, making it necessary to download the new version of Java released by Oracle today (central theme of this article).
The update can be downloaded either through the Software Update (Software Update) and the Apple website (63.8MB; requires OS X 10.6 or higher). For more information on this update and security updates, be sure to check out these two company support articles: 1, 2.
Apple also released the Java for Mac OS X 10.6 Update 13, which serves the same purpose only as for machines equipped with Snow Leopard. The update is 69.3MB and can be downloaded via Software Update (Software Update) or the company's website.
On a related note, the AllThingsD reported that the website responsible for infecting Macs of Apple employees was the iPhoneDevSDK, which specializes in sharing information about mobile development. Again, it is worth noting that not only Apple like Facebook and Twitter would have suffered from malware spread across this domain.
Ian Sefferman, owner of the site, told the AllThingsD:
We are investigating Facebook reports that the iPhoneDevSDK hosted a exploit that attacked Facebook employees. We guarantee that this is not the case. () We have never been contacted by Facebook, by any other company or by justice. The safety of our users is very important to us and we will follow the investigation to completion.
Regardless of the statement, the alert remains: * no * visit the mentioned website. We are informing his name just so that you, readers, know that he can be dangerous and that he may still be spreading malware around, if it really is the source of the problem.
(via Daring Fireball)