Apple hacked by Facebook cyberattackers
Apple has been the target of a cyberattack similar to the one recently reported by Facebook, according to Reuters.
Reuters reported Tuesday that Apple says it was attacked by the same hackers that breached Facebook. The tech giant told the news agency that no data appears to be stolen and that a software tool will be released later this week.
Apple confirmed the security breach, but did not comment on reports that the hackers were also responsible for the Facebook attack and released this statement to CBS News:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.
- China military unit behind many hacking attacks on U.S.
- Chinese cyberattacks prompt U.S. to beef up Pentagon security
In January, the U.S. Department of Homeland Security advised that people temporarily disable Java software on their computers to avoid potential attacks from hackers. The government agency says that all versions of Java 7 through update 10 were affected, and that web browsers using the Java 7 plug-in were also at high risk.
Oracle released a patch days after the security advisory, however critics claimed that users were still vulnerable to cyberattacks. At the time, Java security experts Security Explorations told CBS News in an email that "there are still unpatched security vulnerabilities that affect the most recent version of the software."
Facebook announced on Friday that it washacked last monthby way of a developer's website that was compromised. In a statement the social network said:
Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.
- New York Times: Chinese hackers attacked our computers for months
- Obama signs cybersecurity executive order
In recent months, companies like Twitter, The New York Times and the Wall Street Journal all reported security breaches. It appears that the attacks may have been carried out by China's army.
In a 60-page report, cyber security firm Mandiantsaid that its "research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army to commit systematic cyber espionage and data theft against organizations around the world."
China has repeatedly denied any government involvement in computer hacking.
"Chinese law forbids hacking and any other actions that damage Internet security," a statement from the Defense Ministry said early this year. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."
President Obama signed an executive order on Feb. 12 aimed at boosting the nation's cybersecurity by enabling the government to share information with private firms more easily, and establishing mandatory reporting on security threats from government agencies to U.S. corporations at risk. Congress, however, has been unable to agree on any legislation to set new laws on cybersecurity.
In the wake of the cyberattacks, the Pentagon is pushing to expand its cyber-security forces. Earlier this month, CBS News correspondent Bob Orr reported on "CBS This Morning" that the U.S. military's so-called Cyber Command will grow five-fold over the next few years, from 900 employees presently to nearly 5,000 civilian and military personnel.
CBSNews.com foreign editor Tucker Reals contributed to this report.
