Apple said Tuesday that a small number of its employees’ computers were hacked through a vulnerability in the Java browser plug-in, but said none of its internal data was compromised.
The flaw was also used to compromise Macs at other companies, including a recently disclosed attack at Facebook.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,” the company said in a statement to AllThingsD. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
The company noted that it has been shipping Macs without Java since the release of Mac OS X Lion, and that it also has a software mechanism that disables Java if it goes unused for 35 days. Apple is also releasing an updated software tool to detect and remove Java-related malware.
On Friday, Facebook confirmed that it was a victim of a targeted attack last month.
Such attacks have been on the rise, with many government agencies and companies saying that they have been targeted.
The attack on Apple employee computers was reported earlier on Tuesday by Reuters.
Tuesday, February 19, 2013
Apple Says It, Too, Was Attacked by Hackers - Ina Fried - News - AllThingsD