Apple: yes, we were hacked, here’s your fix


Apple is just the latest technology firm to announce it was the victim of hackers. On Tuesday, the iPhone maker announced that a limited number of employee computers were affected, and that software protecting consumers would be released today. The malware infected a limited number of Macs through a vulnerability in the Java plug-in for browsers, the company confirmed.

The announcement – unprecedented from the usually tight-lipped company – included a statement by Apple attempting to calm consumer fears, saying there was “no evidence” that any data leaked out. This comes on the heels of news that Facebook had also been targeted by hackers. On Friday, the social networking giant said hackers based in China breached employee laptops, but no Facebook user data was taken.

UPDATE: less than three hours later, Apple has pushed out a Java update to patch the vulnerability…

Speaking with Reuters, the iPad manufacturer said “there was no evidence that any data left Apple.” The iPhone maker claims only “a small number” of employee computers were impacted.

Despite the assurance, the company said it would release “a software tool” to combat any attacks on consumers, reports said. The comment may suggest Apple knows how the hacking occurred. The company is working with law enforcement to track down the hackers.

In a statement to AllThingsD, Apple confirmed the hackers accessed a number of Mac systems through a vulnerability in the Java plug-in for browsers:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.

We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

The statement claims a malware removal tool will be released later today:

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.

UPDATE: the Java for OS X 2013-001 security update is now available for download by choosing Software Update… from your computer’s Mac menu.


From the release notes that accompanied the download:

Java for OS X 2013-001 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.

On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled “Missing plug-in” to download the latest version of the Java applet plug-in from Oracle.

Please quit any web browsers and Java applications before installing this update.

On Friday, Facebook announced it was the victim of hackers it claims were traced to China.

Today, the New York Times reported on a small group of Chinese Army hackers working to uncover U.S. business secrets.

Just last week, U.S. President Barack Obama announced he’d order heightened protection against hackers attacking what Reuters called the “country’s critical infrastructure.”

The signs of such hacking are not hard to find. Recently, the New York Times and the Wall Street Journal reported they were victims of hackers who broke into their computer systems in search of email addresses for reporters who’ve written critically of Chinese government leaders.