“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” the company said in a statement. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."
As Twitter and Facebook before them, Apple didn't mention which website for software developers was the source of the attack, but AllThingsD reported that sources close to the Facebook hacking investigation pointed to iPhoneDevSDK, the home of iOS developer forums.
Ian Sefferman, owner and operator of the site, issued a statement saying that they've learned that the site was used in the attack via the press. "Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach," he stated.
He explained that the site is targeted for attacks frequently, and because of that they switched to Vanilla Forums last year. But after getting in touch with Facebook's security team and Vanilla, they concluded that this attack has nothing to do with their software.
The first reaction to these breaches was that the attackers are likely Chinese, but according to Bloomberg sources, it seems that Twitter, Facebook, Apple and some 40 other companies were actually attacked by an Eastern European gang of hackers that's after company secrets they can sell.
I wonder that the investigators haven't made public the name of the compromised site sooner, as many developers from a myriad of companies and even independent ones visit the site daily. If the above claim proves to be true, the attackers were apparently out for all they could get and were probably not targeting only high-profile, big firms.
In the meantime, Apple has moved to protect their customers. Apart from patching several vulnerabilities that made this attack possible, the Java update for Mac pushed out on Tuesday also contains an updated Java malware removal tool that will check systems and remove the most common variants of malware.
Home users are advised to disable Java on their computer and browsers if they don't need it, but companies that suspect that their developers might have visited the compromised site have more to do.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.