Reuters is reporting that over the last week, Apple was the target of a hacking attempt originating from China, infecting a small number of its employees’ MacBooks.
The hackers appear to be responsible for a string of attacks on other large technology companies as well. Apple says that there isn’t any evidence of data theft, but the company is working with law enforcement authorities to track the breach. It would additionally be pushing out a software tool to Mac users later today that would protect them against similar hacking attempts.
The attack, Apple says, exploited a Java browser plug-in vulnerability:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.
The Java plug-in for browsers has constantly undermined the security of all OSes, and despite actively blocking the plug-in, Apple fell victim to one of these exploits. Facebook and Twitter were also targets of a similar attack, where hackers took advantage of the loopholes in the Java plug-in.
Chinese hackers have also been attacking large media house like The New York Times, Bloomberg and The Wall Street Journal, with the publications claiming that such attacks had the backing of the Chinese government.
We’ll keep you informed about Apple’s security software tool that is supposed to be released later today.
Update: Apple has released an update to address this Java vulnerability.