Security patch now available. See update below for details.
Apple admitted to Reuters today that its computer system was hit by the same hackers who infected Facebook’s network last week. Only a small number of Apple employees’ Macs were affected by the attack, the company said, and “there was no evidence that any data left Apple.”
Apple says it will release a security patch later today to prevent customers’ Macs from becoming infected with the malware used against the Cupertino electronic giant’s system. An investigation has also been launched in an attempt to identify the hackers responsible for the attack.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,” the company said in a statement to AllThingsD. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
Last Friday, Facebook revealed that its systems suffered a “sophisticated attack” after “a handful of employees visited a mobile developer website that was compromised.” The malware infection, which was first detected by Facebook in January, was carried out through a “zero-day” exploit that allows the attackers to bypass built-in security features in Java. The company said that it was able to quickly remedy the infected computers, and that it had “no evidence that Facebook user data was compromised in this attack.”
On its security blog, the company said that “Facebook was not alone in this attack.”
“It is clear that others were attacked and infiltrated recently as well,” wrote Facebook. “As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected.”
News of the cyberattacks on Facebook and Apple come amidst a flurry of cybersecurity activity on all levels. Earlier today, The New York Times outlined a 60-page report (PDF) from cybersecurity firm Mandiant, which accused the Chinese military of supporting widespread cyber attacks and cyber espionage on American corporations and the U.S. government. Just over a week earlier, The New York Times revealed that its own systems had been breached by Chinese hackers. The Washington Post, Wall Street Journal, and Bloomberg News later revealed similar attacks on their systems and journalists.
The federal government is currently making a major push for cybersecurity. On Tuesday, President Obama signed an executive order meant to bolster cybersecurity measures for critical infrastructure networks like electrical stations and financial services, which he highlighted during his State of the Union address. And House Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the contentious Cyber Intelligence Sharing and Protection Act (CISPA), which aims to increase sharing of “cyber threat intelligence” between government and businesses.
Update: Apple has released an update for OS X to patch the security hole that led to its own infection. Your best bet is to simply click “Software Update” under the “apple” menu. Or you can download it directly from here.