Apple’s not invulnerable, after all.
A small number of Apple employees’ computers were hacked recently by the same crew that attacked Facebook, which Facebook claimed it traced back to China. In that case, Facebook said, its employees’ machines were fully patched and up to date, and entry was gained via a previously unknown zero-day attack in the Java browser plugin.
In a statement released to AllThingsD, Apple said there was no evidence the attack succeeded in getting any corporate data:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Java is notoriously a source of security problems, and Apple says it will release a software tool later today to patch the problem. Oracle had provided a patch on February 1, 2013, according to Facebook, but Apple is not known for being quick to release new updates. That update is not yet available, at least according to my MacBook Air’s software update mechanism.
Worth noting: Apple has not shipped Java since Mac OS X Lion — which launched in July of 2011 — and also disables Java if it has not been used in 35 days.
Apple says it is assisting authorities in tracking down the hackers.