Hardly a week after Facebook said it been a target of malware attack, Apple has become the latest big company to admit it has been a victim of computer hacking.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers.” Apple said in a statement:
Investigations into the breaches are ongoing. It was not immediately clear when the attacks had begun, the extent to which the hackers had succeeded in stealing data from targeted systems, or whether all infected machines have been identified.
The malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven’t disabled Java in their browser, the person close to the case said. There is a version that infects computers running Microsoft Windows as well.
Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of end-users. It urged developers to check their source code for unintended changes.
The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp’s Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.
Twitter, which disclosed that it had been breached February 1 and that hackers might gave accessed some information on about 250,000 users, was hit in the same campaign, according to a person close to the investigation.
Another person briefed on the case said that hundreds of companies, including defense contractors, had been infected with the same malicious software. Though this person said that the malware could have originated from China, there was no proof.
“There is no evidence that any data left Apple.”
It added that it was releasing an updated Java malware removal tool that would remove the malware from computers if found.