February 19, 2013
Facebook Hackers Attack Apple By Exploiting Java Vulnerability
Michael Harper for redOrbit.com — Your Universe Online
Apple announced today they´re the latest to be attacked by the same hackers who targeted Facebook last Friday. Not surprisingly, these hackers used Oracle´s dangerous software platform Java to exploit computers located at Apple´s 1 Infinite Loop headquarters in Cupertino. Apple is now calling these attacks the “widest known cyber attacks” against Macs to date.
These cybercriminals infected a software developer website with malware designed to specifically attack Macs. When Apple employees visited this site, they became infected. In a statement to Reuters, Apple admitted the malware in question was the same used in last week´s Facebook attack but pointed out other companies had been victimized in the same manner. They did not, however, specify which other companies had been targeted in this attack.
Experts say the same attack could target hundreds of companies and some defense contractors running Macs with Java installed. “We identified a small number of systems within Apple that were infected and isolated them from our network,” explained an Apple spokesperson in a statement.
“There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.” Apple took the offensive against Java attacks recently, placing all of the older, dangerous versions of Java on their Xprotect blacklist.
XProtect works by making sure each web plug-in is up-to-date and secure. The system also performs daily checks to ensure it is blocking other threats such as malware or trojan horses. This service was first launched in 2009 with Snow Leopard. Originally, users updated the system manually, but as threats against OS X continued to grow — such as last year´s Flashback trojan — Apple has begun automatically updating XProtect on a daily basis. Apple will likely take this attack into consideration when updating the next daily version of Xprotect. The Mac maker has also said they´ll be releasing a Java malware tool to check Macs and remove the malware if it is found.
This widespread attack on one of the world´s largest and best-known companies just happens to have occurred on the same day a report released by the security firm Mandiant claims a secret high-tech hacker arm of the Chinese military has been targeting American and other English-speaking companies for the past 7 years. All of these attacks seem to come from one single building in China´s Pudong district that has been outfitted with high-speed fiber optic lines, which Mandiant believes were installed by China Telecom in collaboration with the Chinese government.
By now, Java exploits have become so common they are an exasperating annoyance for many and a dangerous threat to those who still have to work with the software. Mac users can rest a little easier, however, as OS X automatically disables the software if it hasn´t been used in 35 days. Still, it´s better to be safe than to find yourself a victim to yet another Java exploit.
For simple instructions on how to remove Java completely from your computer, (which is very highly recommended) follow this link to Oracle´s website.