Apple Admits Hack On Its Own Mac Machines

Tech titan Apple has admitted a number of its employees’ Mac machines have been compromised, purportedly by the same attackers who hit Facebook.

A small number of Mac machines were hit, reportedly by attackers using the same Java vulnerability and the same “watering-hole” website – a site for iOS developers – serving up the exploit.

Facebook said last week it had tracked the attack on its systems back to China. Twitter was also attacked this year, with fingers again pointed at China. Reports have suggested Twitter was targeted by the same hacking group that went after Apple and Facebook.

Mac machine hack

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” a statement sent to media from the Cupertino company read.

“The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.

“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”

Apple is now working closely with law enforcement on the case.

This week, security company Mandiant released a report suggesting a group associated with, or possibly part of, China’s People’s Liberation Army (PLA) was responsible for hitting a large number of English-speaking businesses, many based in the US. China has denied those claims.

Hacks on various media firms, including the New York Times and the Washington Post, have also been attributed to China, which it has also vociferously denied.

Java fixes

As for Java, which is at the heart of many notable recent breaches, Oracle today issued a critical patch update. It covered five vulnerabilities in Java, three of which were rated as critical.

Apple has released an update patching Java 6 for Mac OS X, as well as a Java malware removal tool.

Mac machines with OS X Lion, or a subsequent OS iteration, ship without Java. OS X also disables Java if it goes unused for 35 days.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago