CNETAnalysis: Are Mac computers really any more secure than the machines’ Windows counterparts? The answer these days seems obvious. Apple issued a statement Tuesday admitting that it had been targeted by hackers who infected computers on the company’s own network with malware through a Java vulnerability. According to numerous reports, the same Java flaw was used to infect computers at Facebook last month, an attack that the social network company described on Friday. Though Apple reported that no data was compromised, Mac computers beyond Apple’s walls could be infected. The Cupertino company released a new version of Java Tuesday afternoon designed to help mitigate any damage caused by the hack. Apple’s statement “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” read a statement released by Apple. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.” That may not be all there is to it, though: According to Reuters , which claimed to have spoken with “a person briefed on the investigation into the attacks,” this may be the biggest cyber attack yet on OS X. The Reuters source said that “this is the first really big attack on Macs,” and that “Apple has more on its hands than the attack on itself.” Indeed, Apple reportedly declined to disclose exactly how many companies were affected by attacks based on this Java exploit (or expand on its statement at all), but Reuters’ source claimed that it was in the hundreds, and that some of those companies included defense contractors. Hide your PC, hide your Mac Apple said in its st! atement that it’s working with Johnny Law to bring its attackers to justice, and noted that Mac computers have shipped without Oracle’s Java since OS X 10.7 Lion was released in 2011. Users can of course install it themselves, but according to Apple, Java is also automatically uninstalled if it’s not used for 35 days. Apple computers used to be considered more secure than Windows PCs, but that golden age for Apple is likely at an end. This latest attack by hackers is hardly an isolated case, though it’s not as if OS X is the only system being targeted. Twitter was hacked earlier this month, and attacks on the New York Times and the Wall Street Journal preceded that. Reuters noted the increased tensions between Washington D.C. and Beijing, China, drawing a link between the White House’s concerns with Chinese cyber-theft and the recent spate of attacks on U.S. computers. Additionally, AllThingsD reported that the hacks on Apple, Facebook and Twitter can be traced to one website – iPhoneDevSKD.com. (Note: This site may still host compromised code, so don’t visit it). Considered a development “hub” for companies focused on mobile, Facebook employees who visited the site reportedly saw malicious code housed in the site’s HTML to exploit a Java plug-in to infect their computers. The site not only welcomes those involved in mobile development but any organization interested in mobile. It’s possible Apple and Twitter employees visited the site as well. iPhoneDevSKD Owner and Operator Ian Sefferman told AllThingsD that the site is investigating the Facebook report.
