The words 'Apple' and 'security breach' don't often appear together, but on Tuesday the company said that some computers belonging to its employees had been targeted by hackers originating from China—the same group, reportedly, that last week infiltrated computers belonging to Facebook employees. The story was first reported by Reuters.
In an email, Apple provided Macworld with a statement on the breach, saying:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
- A MAC address flooding attack (CAM table flooding attack) is a type of network attack in which an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames, each with a different fake source MAC address. The following images show a switch's MAC address table before and after a flooding attack.
- What type of attack, caused by Microsoft Office applications, is Mac OS X susceptible to? What type of vulnerability is triggered when a user opens a maliciously crafted GIF file on Mac OS X systems prior to version 10.4? ImageIO Integer Overflow Vulnerability.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.
In the last few years, a growing number of active threats have targeted the Mac operating system. In fact, Malwarebytes saw more Mac malware in 2017 than in any previous year. By the end of 2017, the Malwarebytes intel team counted 270 percent more unique threats on the Mac platform than in 2016.
True to its word, Apple released a Java update late on Tuesday for Mac OS X 10.7 or later that patches a number of security vulnerabilities as well as scanning for the most common variants of the malware in question and removing them. If malware is found, the user will be notified of its removal.
The patch also updates Apple's provided version of Java to 1.6.0_41; the update is available by choosing Software Update from the Apple menu or visiting the Mac App Store and clicking on Updates. Snow Leopard users can check Software Update or download Java for Mac OS X 10.6 Update 13, which patches the same vulnerability.
In line with the company's recent policy on Java, these downloads will disable Apple's built-in Java plugin; users who try to run applets in their browser will instead be prompted to download the latest version of the Java plug-in from Oracle. One additional casualty this time around, for 10.7 and later, is the Java Preferences app that usually lives in OS X's Utilities folder—Apple says it's no longer necessary for configuration.
Apple is only the latest target in a recent spate of cyber attacks that have hit institutions like the New York Times and the Wall Street Journal along with tech companies like Facebook and Twitter; most of those attacks have been traced back to China. The attack on Facebook, in particular, appears to have been committed via the same Java vulnerability as the Apple breach.
Historically, Macs have not been a popular target for security attacks of this sort, though the ecosystem has battled a few outbreaks of malware over the past few years. However, it seems likely—given the pattern of recent attacks—that the target was Apple itself, rather than its platform at large.
Updated at 2:23 p.m. PT with information about the Java update and malware removal tool.