Apple Employees Hacked via Java Plugin Exploit
Apple reported some of its employees were hacked through a Java plugin exploit served through a developer website, but no evidence of data theft was revealed.
The few compromised computers were unplugged from the network and are pending investigation as to the source of the attack. The company believes the malware was designed for other companies as well and that it's part of a larger operation.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” Apple said in a statement. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”
Apple also emphasized the company has completely stripped Java from the default configuration of OS X Lion. If unused for 35 days, it will automatically be uninstalled. An update addressing the Java malware responsible for the current issue was released to ensure that no other users are affected.
With security firm Mandiant saying that most recent hacking attacks originated from China – conducted by Unit 61398 of the country's People's Liberation Army – experts assume the attack on Apple's computers might have been orchestrated by the cyber espionage group. China said it had no part in these attacks.
“Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days,” said Apple. “To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”
In January, the U.S. Department of Homeland Security issued a warning that users should disable Java, as it can easily be weaponized and used for various attacks. Although it was referring to a different Java bug, the advice is still sound.