Apple latest victim of Java-based hacking spree
Posted on 20 Feb 2013 at 09:33
Apple was hacked after staff members went to a malicious site with their Macs, the company has admitted.
Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.
The same software, which infected Macs by exploiting a flaw in a version of Oracle's Java software used as a plug-in in browsers, was also used to launch attacks against Facebook, and against "other companies," Apple said.
An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate further on the statement it provided.
Find out moreDrop Java despite security patches, warn experts
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.
"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.
The statement said Apple was working closely with law enforcement to find the culprits. Apple said it plans to release a piece of software that customers can use to identify and repair Macs infected with the malware used in the attacks.
The attack is the same one that hit Twitter, according to a person close to the investigation.
Another person briefed on the case said that hundreds of companies, including defense contractors, had been infected with the same malicious software. Though this person said that the malware could have originated from China, there was no proof.
"This is a new campaign. It's not like the other ones you read about where everyone can tell it's China," the first person said.
The malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven't disabled Java in their browser, the person close to the case said. There is a version that infects computers running Windows as well.
The only thing that was making it safe before is that nobody bothered to attack it
Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of users. It urged developers to check their source code for unintended changes.
First big Mac attack
The breaches described by Apple mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products.
"This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorised to discuss the matter publicly. "Apple has more on its hands than the attack on itself."
Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers.
For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe's Flash.
"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Miller said.
By colin52 on 20 Feb 2013
I really don't know what all of the fuss is about.
When I bought my iAnything I was assured by the Apple store staff that all Apple devices are immune to any form of attack.
I think that this is just Microsoft propaganda.
By jontym123 on 21 Feb 2013
Such a Tragedy
Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ;)
By shrek59 on 21 Feb 2013
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software