Apple Admits Hack On Its Own Mac Machines

Tech titan Apple has admitted a number of its employees’ Mac machines have been compromised, purportedly by the same attackers who hit Facebook.

A small number of Mac machines were hit, reportedly by attackers using the same Java vulnerability and the same “watering-hole” website – a site for iOS developers – serving up the exploit.

Facebook said last week it had tracked the attack on its systems back to China. Twitter was also attacked this year, with fingers again pointed at China. Reports have suggested Twitter was targeted by the same hacking group that went after Apple and Facebook.

Mac machine hack

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” a statement sent to media from the Cupertino company read.

“The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.

“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”

Apple is now working closely with law enforcement on the case.

This week, security company Mandiant released a report suggesting a group associated with, or possibly part of, China’s People’s Liberation Army (PLA) was responsible for hitting a large number of English-speaking businesses, many based in the US. China has denied those claims.

Hacks on various media firms, including the New York Times and the Washington Post, have also been attributed to China, which it has also vociferously denied.

Java fixes

As for Java, which is at the heart of many notable recent breaches, Oracle today issued a critical patch update. It covered five vulnerabilities in Java, three of which were rated as critical.

Apple has released an update patching Java 6 for Mac OS X, as well as a Java malware removal tool.

Mac machines with OS X Lion, or a subsequent OS iteration, ship without Java. OS X also disables Java if it goes unused for 35 days.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago