Hackers hit Apple after Facebook attack

TRAPPED::While a few of its computer systems were infected by the malware, they were isolated from the main network and no data was compromised, Apple said


Thu, Feb 21, 2013 - Page 15

Apple on Tuesday said it suffered a cyberattack similar to the one recently carried out against Facebook, but that it repelled the invaders before its data was plundered.

The maker of iPhones, iPads, iPods and Macintosh computers said it was working with law enforcement officials to hunt down the hackers, who appeared tied to a series of recent cyberattacks on US technology firms.

“The malware was employed in an attack against Apple and other companies, and was spread through a Web site for software developers,” Apple said in an e-mail response to a reporter’s inquiry.

The malicious software, or malware, took advantage of a vulnerability in a Java program used as a “plug-in” for Web-browsing programs.

A “small number” of computer systems at Apple were infected, but they were isolated from the main network, the Silicon Valley-based company said.

“There is no evidence that any data left Apple,” it said.

Apple released a Macintosh computer operating system update that disables Java software that has not been used for 35 days or longer, as well as a tool for finding and removing the malware.

Word of hackers hitting Apple came just days after leading social network Facebook said it was “targeted in a sophisticated attack” last month, but that it found no evidence any user data was compromised.

Facebook said on Friday that the malware came from an infected Web site of a mobile developer.

“We remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” it said.

It was unclear whether it was the same Web site blamed for the attack on Apple.

Using a previously unseen tactic, the attackers took advantage of a flaw in Java software made by Oracle, which was alerted to the situation and released a patch on Feb. 1, Facebook said.

The hackers appeared to be targeting developers and technology companies based on the Web site they chose to booby-trap with malicious code.

“Facebook was not alone in this attack,” the Northern California-based company said.

“It is clear that others were attacked and infiltrated recently as well,” it said.

Early this month Twitter said it was hammered by a cyberattack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Twitter information security director Bob Lord said in a blog post at the time.