Apple was struck Tuesday by a large-scale hack that is being called “highest-profile cyber-attack to date on businesses running Mac computers,” affecting not only Apple headquarters computers, but also several “other companies” that work with Mac devices.
The company told Reuters in a statement that the hack originated when Apple workers attempted to visit a software developer’s website infected with malware.
The malware, designed to specifically target Macs by “exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers” was also used to hack Facebook, the social media company revealed Friday.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," the company said.
"The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers."
Bloomberg, citing "two people familiar with the matter," reported later Tuesday that malware attacks are linked to an Eastern European gang of hackers that is trying steal company secrets.
The attack is part of the same series of invasions that also led to recently disclosed breaches at Facebook and Twitter, investigators working with the companies told Bloomberg. Apple was the first to discover the attack, one of the people said.
Investigators suspect the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server it used to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggest it is the work of cyber-criminals rather than state-sponsored espionage from China, two people with knowledge of the investigation said.
While Apple has not disclosed exactly how many companies have been affected, a person well-versed on the investigation said hundreds of companies have had their computers infected with the malware, according to Reuters.
"This is the first really big attack on Macs. Apple has more on its hands than the attack on itself," the source, who requested to remain anonymous, told Reuters.
Apple hardware has notably evaded the attention of hackers who tend to target PCs that run the Windows operating system; however, the criminal hackers are now taking the time to learn techniques of infiltrating the system.
"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Charlie Milller, Apple security expert and co-author of the “Mac Hacker's Handbook,” told Reuters.
One newly adopted techniques in particular has hackers exploiting a flaw in Adobe Systems Inc.'s Flash software, Miller detailed.