Apple: yes, we were hacked, here’s your fix

By , Feb 19, 2013

Apple headquarters (Cupertino, Clifornia, exterior 001)

Apple is just the latest technology firm to announce it was the victim of hackers. Tuesday, the iPhone maker announced a limited number of employee computers were affected, however software would be released today protecting consumers. The malware infected a limited number of Macs through a vulnerability in the Java plug-in for browsers, the company confirmed.

The announcement – unprecedented from the usually tight-lipped company – included a statement by Apple attempting to calm consumer fears, saying there was “no evidence” that any data leaked out. This comes on the heels Facebook had also been targeted by hackers. Friday, the social networking giant said hackers based in China breached employee laptops, but no Facebook user data was taken.

UPDATE: less than three hours later, Apple has pushed out a Java update to patch the vulnerability…

Speaking with Reuters, the iPad manufacturer said “there was no evidence that any data left Apple.” The iPhone maker claims only “a small number” of employee computers were impacted.

Despite the assurance, the company said it would release “a software tool,” to combat any attacks on consumers, reports said. The comment may suggest Apple knows how the hacking occurred. The company is working with law enforcement to track down the hackers.

In a statement to AllThingsD, Apple confirmed the hackers accessed a number of Mac systems through a vulnerability in the Java plug-in for browsers:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.

We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

The statement claims a malware removal tool will be released later today:

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.

UPDATE: the Java for OS X 2013-001 security update is now available for download by choosing Software Update… from your computer’s Mac menu.

Java for OS X 2013-001 1.0 update prompt

From release notes accompanied the download:

Java for OS X 2013-001 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.

On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled “Missing plug-in” to download the latest version of the Java applet plug-in from Oracle.

Please quit any web browsers and Java applications before installing this update.

On Friday, Facebook announced it was the victim of hackers it claims were traced to China.

Today, the New York Times reported on a small group of Chinese Army hackers working to uncover U.S. business secrets.

Just last week, U.S. President Barack Obama announced he’d order heightened protection against hackers attacking what Reuters called the “country’s critical infrastructure.”

The signs of such hacking are not hard to find. Recently, the New York Times and the Wall Street  Journal reported they were victims of hackers who broke into their computer systems in search of email addresses for reporters who’ve written critically of the Chinese government leaders.

  • Share:
  • Follow:
  • CollegiateLad

    These guys are hacking everyone…

  • FlamingOzone

    Chinese army hackers lol

  • http://www.facebook.com/AbotyNanos Aboty Nàno

    Did that mean to allowed to Jailbreak or something else?

  • JerseyD

    Malware infected Apple employee Macs? But but but macs can’t get infected

    • CollegiateLad

      If you own a Mac, don’t install java.

      • http://twitter.com/sivkai Siv

        Or any OS for that matter. I wish Java would die already.

  • http://www.ideaprison.com/ ideaprison

    Always Java, Java, Java that is to blame, horrific piece of sh*t from the ancient days of internet

    • Falk M.

      “All computers affected were workmachines by employees who are avid Minecraft gamers and/or Adobe software users, a problem easily preventable if people stopped coding desktop applications and supplements in Java.”, said Apple PR Manager and Security Director Nuhtreally Fakcomment.

      :P

    • seyss

      cant vote you up twice

    • http://twitter.com/sivkai Siv

      Sooooooo true. I despise Java. That outdated piece of crap NEEDS to go.

      • Jon

        So come up with something better, if you don’t like it. Flash is better, and it’s dying. Javascript is considerably worse than straight Java. I don’t see many better alternatives… That leaves your solution a great niche. Best be getting started.

      • Falk M.

        How about we get back to coding native code PER OS…
        For Christ’s sake…

  • Ernie Marin

    So now that Apple is leaving China, they’ve become terrorist?, can’t they just admit any 12 year old can hack their systems.

    • CollegiateLad

      I steer clear of java. It’s garbage.

    • Chuck Finley

      While it’s true China hacks the shit out of the US’s computers it’s the exact same the other way round. Everybody’s hacking everybody tbh.

  • Matthew Tanner

    Its prolly those people who wanted an open ios who sent the malware

  • Liam Mulcahy

    I thought this article would be about jailbreaking

  • Muzammil Ahmed

    this is really amazing and alarming for online community

  • http://www.facebook.com/profile.php?id=100000606372701 David Canfield

    lave a virus trapo for thm swomthing like the hadrive reaper virus