Apple confirms cyber attack, will release security tool

[Fiery]

The words “Apple” and “security breach” don’t often appear together, but on Tuesday the company said that some computers belonging to its employees had been targeted by hackers originating from China—the same group, reportedly, that last week infiltrated computers belonging to Facebook employees. The story was first reported by Reuters.

Read more: http://www.pcworld.com/article/2028740/apple-confirms-cyber-attack-will-release-security-tool.html

 

[Jack]

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.

35 days and then being disabled sounds like a good idea, and I'm sure the removal tool will come in handy.
Java has so many vulnerabilites that is a really danger for any operating system. The Java update system has it's flaws, and maybe Oracle should try and find a solution, so that it's poor users will get an automatic and silent update, whenever a new update is being released.

 

[softwareFREEk]

Apple says a "small number" of computers on its Cupertino campus were attacked by hackers, according to Reuters. The hack appears to exploit the same Java vulnerability that recently compromised computers at Facebook “There is no evidence that any data left Apple," the company reportedly said.

http://arstechnica.com/apple/2013/02/apple-hq-also-targeted-by-hackers-will-release-tool-to-protect-customers/

 

[softwareFREEk]

Facebook, Twitter, Apple hack sprung from iPhone developer forum

The website used to infect engineers at Facebook with espionage malware has been identified as an iPhone developer forum by people close to the investigation into the hacking incident.

That page, at the iPhone developer website iphonedevsdk.com, was used to expose visitors to a previously undocumented vulnerability in Oracle's Java browser plugin. The "zero-day" exploit allowed the attackers to install a collection of malware on the Java-enabled computers of those who visited the site. Ars readers shouldn't visit the site because it still may still be compromised.

iphonedevsdk.com is an example of a "watering hole" attack.

Read on: http://arstechnica.com/security/2013/02/web-forum-for-iphone-developers-hosted-malware-that-hacked-facebook/

 

[Gnosis]

Apple computers 'hacked' in breach

Apple has said its computers were attacked by the same hackers who targeted Facebook.

MORE:

http://www.bbc.co.uk/news/technology-21510791

 

[softwareFREEk]

RE: Apple computers 'hacked' in breach

to follow on from Gnosis thread

Dev site behind Apple, Facebook hacks didn't know it was booby-trapped

"What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers," he went on. "We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013."

Read from source

 

[softwareFREEk]

Update: Is China innocent? New reports claim cyber attacks on Facebook, Twitter, and Apple came from Eastern Europe

http://edition.cnn.com/2013/02/20/tech/web/hacked-apple-facebook-twitter/index.html