員工電腦被駭,Apple 緊急發布 Java 安全性更新

by Mengkuei Hsu2013/02/20

Apple 傳出內部員工電腦被植入惡意軟體,20 日緊急發布 Java 更新修補錯誤。

根據「路透社」(Reuters)報導,Apple 在 20 日發布聲明,表示遭受駭客攻擊,有少數電腦受惡意軟體影響。這起事件使用 Oracle Corp. 的 Java 瀏覽器外掛中臭蟲,目的在於對 Facebook 發起攻擊。不過 Apple 表示目前未發現資料遺失。

Apple 原文聲明如下:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.

在攻擊事件發生後,Apple 緊急透過軟體更新發布最新的 Java for OS X 2013-001 安全性更新,以修補這個漏洞。

Java for OS X 2013-001 會移除 Apple 提供的瀏覽器 Java applet 外掛,並在必須使用 Java applet 時,要求使用者直接到 Oracle 下載最新版本的 Java applet 外,其內容描述如下:

透過更新 Java SE 6 至 1.6.0_41,Java for OS X 2013-001 改進了安全性、可靠性和相容性。

在尚未安裝 Java for OS X 2012-006 的系統上,此更新項目會停用 Java SE 6 Applet 外掛模組。若要在網頁上使用 Applet,請按一下標示”找不到外掛模組”的區域來從 Oracle 下載最新版本的 Java Applet 掛模組。


What's your reaction?
Love It
Hate It
About The Author
Mengkuei Hsu
曾任 3C 雜誌編輯多年,負責軟體、網路、週邊和 Apple 相關產品。