Apple latest victim of Java-based hacking spree

By Reuters

Posted on 20 Feb 2013 at 09:33

Apple was hacked after staff members went to a malicious site with their Macs, the company has admitted.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.

The same software, which infected Macs by exploiting a flaw in a version of Oracle's Java software used as a plug-in in browsers, was also used to launch attacks against Facebook, and against "other companies," Apple said.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate beyond the statement the company provided.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.

"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.

The statement said Apple was working closely with law enforcement to find the culprits. Apple said it plans to release a piece of software that customers can use to identify and repair Macs infected with the malware used in the attacks.

Others hit

The attack is the same one that hit Twitter, according to a person close to the investigation.

Another person briefed on the case said that hundreds of companies, including defense contractors, had been infected with the same malicious software. Though this person said that the malware could have originated from China, there was no proof.

"This is a new campaign. It's not like the other ones you read about where everyone can tell it's China," the first person said.

The malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven't disabled Java in their browser, the person close to the case said. There is a version that infects computers running Windows as well.

Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of users. It urged developers to check their source code for unintended changes.

First big Mac attack

The breaches described by Apple mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products.

"This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorised to discuss the matter publicly. "Apple has more on its hands than the attack on itself."

Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers.

For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe's Flash.

"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Miller said.

User comments

Karma...

...in action

By colin52 on 20 Feb 2013

Oh No!!!

[sarcasm+cynicism on]

I really don't know what all of the fuss is about.

When I bought my iAnything I was assured by the Apple store staff that all Apple devices are immune to any form of attack.

I think that this is just Microsoft propaganda.

[/sarcasm+cynicism off]

By jontym123 on 21 Feb 2013

Such a Tragedy

Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ;)

By shrek59 on 21 Feb 2013

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
