Hackers hit Apple after Facebook attack
SAN FRANCISCO (AFP) – Apple on Tuesday said it suffered a cyber attack similar to the one recently carried out against Facebook, but that it repelled the invaders before its data was plundered.
The maker of iPhones, iPads, iPods, and Macintosh computers said it is working with law enforcement officials to hunt down the hackers, who appeared tied to a series of recent cyber attacks on US technology firms.
“The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers,” Apple said in an e-mail response to an AFP inquiry.
The malicious software, or malware, took advantage of a vulnerability in a Java program used as a “plug-in” for Web-browsing programmes.
A “small number” of computer systems at Apple were infected but they were isolated from the main network, according the Silicon Valley-based company.
“There is no evidence that any data left Apple,” Apple said.
Apple released a Macintosh computer operating system update that disables Java software that hasn’t been used for 35 days or longer, as well as a tool for finding and removing the malware.
Word of hackers hitting Apple came just days after leading social network Facebook said it was “targeted in a sophisticated attack” last month, but that it found no evidence any user data was compromised.
Facebook said Friday that the malware came from an infected website of a mobile developer.
“We remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” it said.
It was unclear whether it was the same website blamed for the attack on Apple.
Using a previously unseen tactic, the attackers took advantage of a flaw in Java software made by Oracle, which was alerted to the situation and released a patch on February 1, according to Facebook.
The hackers appeared to be targeting developers and technology firms based on the website they chose to booby-trap with malicious code.
“Facebook was not alone in this attack,” the Northern California-based company said.
“It is clear that others were attacked and infiltrated recently as well.”
Early this month Twitter said it was hammered by a cyber attack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Twitter information security director Bob Lord said in a blog post at the time.
Lord said there was an “uptick in large-scale security attacks aimed at US technology and media companies”.