Apple have today said that some of their employees’ computers may have been targeted by the same Chinese hackers that breached Facebook recently. They also say that no data was exposed.
The iPhone manufacturer said the breach occurred after some company employees visited a developer website which then exploited a vulnerability in the Java browser plugin and subsequently installed malware onto their Macs. This sounds remarkably similar to what happened with Facebook in January.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”
Thus far there is no word from Apple on when exactly the incident occurred but I would bet serious money on it having been last month around the time Facebook fell victim, though they didn’t report it until just a few days ago.
Also, there is no word from Apple as to where the attack originated from but, again, China may well be the most likely suspect following recent hacking incidents involving Twitter, The New York Times, The Federal Reserve, The Dept of Energy, The Washington Post and more.
News of this attack comes just as a security firm – Mandiant – released a report that linked hackers within China to the national government.
photo: Roberto MO