Apple turned off Java by default for its OS X users as a precaution.
Previously, Apple stopped bundling Java with OS X and instead gave users the option to install it themselves.
Given that Macs run Java 6 by default, this latest flaw affects Apple users to a much greater degree than the previous Java imbroglio, Gowdiak says.
FORBES: Another Critical Security Flaw In Java Appears Before Oracle Has Even Resolved The Last One
Apple had also already removed Java in its latest versions of Mac OSX.
FORBES: Apple Kills Java In Macs' Browsers After A Slew Of Security Vulnerabilities
Here Apple is in charge of patching Java, not Oracle, and this is where the problems begin.
Update : Apple has issued an update to Java in response to the breach, which users can download here.
In a post on its support forums, Apple said the update to the Java software platform "removes the most common variants" of the Flashback malware.
This means that hackers had six weeks to discover the vulnerability in Java and begin exploiting it with Flashback before Apple rolled out updates to its users.
The Flashback malware targeted a vulnerability in the Java software that is used in Windows machines, Apple computers and many others.
Here Java 6 was supplied as standard and it was Apple and not Oracle that was responsible for providing users with the updates.
This chart compares the performance of 12 VMs. Except for Apple Computer's Macintosh Runtime for Java (MRJ), all of the JVMs were tested on the same hardware and with the same Java application code.
CNN: New benchmark results show Java ready for prime time on servers
Last fall, Apple won praise for a Mac update that removed a Java plugin from all Mac-compatible web browsers.
FORBES: US Department of Homeland Security Calls On Computer Users To Disable Java
Macs were the biggest victims because Apple did not patch the loophole in its version of Java for several weeks after the vulnerability became known.
Other than the update already delivered for computers running OS 10.6 and 10.7 Apple recommends users on 10.5 and earlier disable Java in their browser preferences.
ENGADGET: Apple publishes support page for Flashback malware, is working on a fix
In a post to its programming and infrastructure blog Monday, e-commerce startup Etsy detailed a new approach to the endless stream of new Java bugs, which most recently led to attacks at Facebook, Apple, and Twitter.
FORBES: How To Quarantine Java Like The Disease That It's Become
Apple recommended the new update to all Mac users who have Java installed.
If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650, 000 Macs was identified on March 4th.
ENGADGET: Apple publishes support page for Flashback malware, is working on a fix
But Microsoft had identified others, including Sun Microsystems's Java technologies, Intel's Native Signal Processing, and multimedia playback software developed by Apple and RealNetworks.
Apple is notorious for being glacially slow when it comes to patching vulnerabilities in the Java platform, taking on average an additional six months to come out with patches.
应用推荐