The hacking saga at major technology companies continues, with Apple revealing that computers of some of its engineer were infected by the same malware that was used to attack computers at Facebook and possibly Twitter.
Last week, Facebook had revealed a detailed hack-attack on its computers but assured that no user details were stolen. To know all the details of how the Facebook attack was orchestrated, view our detailed piece here.
According to Reuters, which broke the story first, the malware was distributed at least in part through a site aimed at iPhone developers, which might still be infecting visitors who haven’t disabled Java in their browser, the person close to the case said.
Ars Technica has reportedly identified this website citing sources who are investigating the case. The report on Ars says this is website is iphonedevsdk.com. Users must note that they should not visit this site as it may still contain active malware that could lead to infection.
The report goes on to say that in this case, the site, which hosts a Web forum for iPhone developers, netted the hackers access to the computers of software engineers and developers working on mobile application projects for a number of companies, including Facebook. The exploit was the source of the attack on Twitter that led to the theft of Twitter usernames and passwords, according to a source familiar with the attack, and was used to infect computers belonging to Apple engineers.
AllThingsD is also reporting that this is the site that was used in the hack attacks.
The report on AllThingsD, also has an update from Ian Sefferman, who is owner and operator of the site iPhoneDevSDK. He said, “We’re investigating Facebook’s reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We’re actively ensuring that is not the case Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement.”
Apple had a statement said that “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. ”
Apple said that there was no evidence that data left Apple.
Once again the weak link in these hacking attacks seems to be the Java installed in web-browsers. One of the steps that you can take to avoid such malware is to disable Java on your web-browsers completely. Oracle has released an update patch on Java on Tuesday and Apple has also released a similar patch.
In the meantime, its best to take precautions and do a full malware sweep of your computer.