If Apple can't protect itself from malware, how can you trust it to protect you?
Apple may be perceived as a bastion of security, and users generally feel safe from the plagues that we Windows users suffer, but market share plays a large part in that perception. The bigger target gets more attention. Well, the party may be over, folks, because the fruit-logo company has a problem, and it is one that is incredibly familiar to Windows users -- Java. The Oracle software platform may be one of the most exploited on computers.
Today Reuters reports that Apple, a company largely known for never admitting error -- think "You're holding it wrong" -- released a statement describing "the widest known attacks targeting Apple computers used by corporations". The same exploit had been used to attack social networking giant Facebook.
When Apple workers visited a specific website used by software developers, malicious software infected their computers. But not just Apple employees. Mac users in other locations also were vulnerable.
The problem is this: Malware writers used Java in the past to attack Macs. Remember last year's Flashback Trojan, which pulled Macs together into a massive botnet? The newest version of OS X, Mountain Lion, doesn't include Java by default for a reason. The upgrade goes so far as to remove the Java installed by the previous version, Lion. So why are computers Apple manages running unpatched Java -- or running it at all?
If Apple can't protect itself, how can it protect you? Does the arrogant attitude that Macs are invulnerable to viruses (they are not) run so deep inside Apple? As someone responsible for managing IT infrastructure, I ask these questions from experience. Apple should be the model of Mac security. Clearly it is not.
I question whether Apple should provide Java at all. Java as a common means of attack is too common a story.
Still, to its credit, Apple responded rather quickly, issuing an update which it claims will deliver better security. The update "uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled 'Missing plug-in' to go download the latest version of the Java applet plug-in from Oracle".
There really is no telling, at this point, the extent of the damage beyond Apple. Surely we'll know more in the days ahead. Meantime, if you own a Mac, now is a good time to patch up, purge Java and install antimalware.