Apple Has Released A Java Update For Mac OS X That Fixes Vulnerability Used By Hackers

Recently, Apple was attacked by a group of hackers who breached a certain number of Macs owned by employees. It wasn’t a major attack and nothing was really stolen, leaked or affected. Apple later confirmed to a publication that a tool will be released, which would help in eradicating any Java related threats on Mac computers. Staying true to their word, Apple has seeded a new Java update for Mac OS X today.


Despite the fact that only Apple employee Macs were attacked, if you’ve got Java running or installed on your computer, you could be vulnerable too. Apple has always recommended that you remove Java and kept Java out since Mac OS X 10.7. So if you’re running Mac OS X 10.7, you should be safe, but it’s necessary that you install this update.


The Java for OS X 2013-001 1.0 update is for Macs running OS X 10.7 and above. It basically checks if there is any malware present on your computer and removes it if there is. The update also uninstalls the Java applet plug-in from your web browsers. The version number is 1.6.0_41, so if yours is lower, then you need to update. Here’s the release note:

This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.

Apple also admits, via Security information, that they were aware that the vulnerability existed in version 1.60.0_37 of the Java software. Apparently, the issues were taken care for in Java for Mac OS X 10.6 update 13, but neglected in OS X 10.7.

Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13.

You can download this new Java for Mac OS X update from the Software Update section present in the Mac App Store. Or you could also check for it under Apple>Software Update. Go download now and remember to turn off Java when not in use.

[Via TNW]

Don't forget to follow on Facebook, Twitter and Google+.