In a post on the Knowledge Base website (via AllThingsD), Apple made its first public comment on the Flashback malware attack since it hit the headlines last week.
The Flashback 'botnet' can take remote command of infected Mac computers, and then harvest personal data, such as user names and passwords.
The problem is understood to lie not in the Mac OS X operating system software but in Oracle's Java. However, the controversy has still hit the previously impervious security record of Macs compared to PCs.
Apple released a fix for the Java security flaw on April 3, but it is now working on a further software update that will detect and remove the malware from infected machines.
The US firm is also working with internet service providers worldwide to "disable" the command and control networks that are controlling compromised Macs.
"A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs," said Apple in its post.
"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6.
"By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences.
"You can also run Software Update at any time to manually check for the latest updates. Apple is developing software that will detect and remove the Flashback malware."
Apple continued: "In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network."
The US firm advised anyone with a Mac running Mac OS X v10.5 or earlier that they can better protect their machine from malware by disabling Java in their web browser preferences.