Apple says a "small number" of computers on its Cupertino campus were attacked by hackers, according to Reuters. The hack appears to exploit the same Java vulnerability that recently compromised computers at Facebook. “There is no evidence that any data left Apple," the company reportedly said.
According to the Reuters exclusive, Apple is currently working with law enforcement to identify the hackers. (The company has since also confirmed to Macworld the same details.) The company also said it planned to release software on Tuesday that would help Mac users keep their own machines safe. But assuming the exploit is indeed the same one used at Facebook, the attackers may not be able to get to many Mac users in the first place. Following last year's Flashback malware scare, many Mac users disabled or uninstalled Java on their machines. Apple has also removed the Java plugin from all Mac-compatible Web browsers and blacklisted Java browser plugins on OS X twice this year already in order to prevent critical exploits.
The incident follows a recent series of attacks targeting The New York Times, The Wall Street Journal, and other publications. Various attacks in the past months have also hit Twitter and Facebook (Facebook told Ars last week how the hack unfolded). Among other things, the hack used a compromised, third-party website for mobile developers to exploit a previously unknown vulnerability in Java, causing anyone who visited with Java enabled to become infected.
"The attack was injected into the [third-party] site's HTML, so any engineer who visited the site and had Java enabled in their browser would have been affected regardless of how patched their machine was," Facebook Chief Security Officer Joe Sullivan told Ars.
As of this writing, it doesn't look like Apple has issued a public statement outside of what it told Reuters. We will update this article if and when that—and the malware protection software—is released to the public.
Update: Apple has issued an update to Java that contains the aforementioned tool to protect Mac users.
reader comments
20