[Update: you may find Lysa Myers' speculative article What We Know About Apple’s Malware Breach of interest. Well, I did.]
John Leyden reports in The Register that: Apple FINALLY fills gaping Java hole that pwned its own devs
Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X – the very hole exploited by hackers to infect Apple’s own developers, their counterparts at Facebook and scores of other Mac-using companies.
Paul Ducklin remarks for Sophos that:
It’s telling, perhaps, that Apple, with this most recent update, seems to have washed its hands permanently of browser-based Java.
The update is for OS X 10.7 or later (10.6 has already been updated). Apple says:
This update uninstalls the Apple-provided Java applet plug-in from all web browsers….[and]….also removes the Java Preferences application, which is no longer required to configure applet settings.
David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World/Anti-Malware Testing
ESET Senior Research Fellow