Apple announced today that some of its employees’ computers were hacked after those workers visited a website for software developers that contained malicious software. According to Apple, the software had been designed to infect Mac computers.
To infiltrate Apple’s computers, the software used a flaw in Java, which is used as a plug-in for many browsers, including Apple’s own Safari. The same Java exploit was used to hack social networking site Facebook last Friday.
Apple says that only a small number of employee computers were hacked, and that no internal data had been compromised. Here’s what the company had to say in a statement to The Loop:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
The Java attacks on Apple, Facebook, and several other companies mark the most high-profile cyber attacks on Mac computers to date. Macs have been largely malware-free, with hackers focusing primarily on Windows systems, but attacks on Macs have ramped up as Apple’s computers have become more popular with both businesses and individuals. This particular Java hack required users to click on and visit an infected website.
Apple plans to fix the vulnerability immediately. The Cupertino-based company says that it will release an updated Java malware removal tool later today. The tool will check Mac systems and remove the malware if it is found on the computer.