In a sign of Apple's increasing vulnerability to hackers,
some Mac computers belonging to Apple employees were infected
with Java-related malware when the employees visited a
software development website, the company announced.
The disclosure follows a similar Java-related cyberattack
against Facebook that was revealed on Friday and comes after
President Barack Obama called on Congress in his State of the
Union address to impose tougher legislation to protect
American interests from cyberattacks.
Apple iPhones and iPads do not appear to be infected, and the
Cupertino, California, company did not disclose how many of
its employees' computers were infected or when. It issued a
software fix aimed at customers who already had installed
Java on their Macs.
Windows-based operating systems have been the most popular
targets of hacker attacks. But hundreds of thousands of Mac
computers were hit last year with a Trojan horse virus called
"Flashback" and the latest cyberattack is a troubling sign.
"Definitely, Macs are not as secure as they were previously,"
said Liam O Murchu, a researcher with Symantec. "Until last
year, we hadn't seen a lot of Mac threats. This showcases
that Macs are not invulnerable."
Neil Cook, chief tech officer for Cloudmark, which works on
Internet security issues, said Apple's rising popularity
makes it a bigger target for hackers.
"Apple's market size has always lagged behind," Cook said.
"Now 1 in every 3 laptops sold is a Mac, so they've become
extremely mainstream, and they've entered that sweet spot
that hackers are looking for."
AllThingsD, a prominent tech industry blog, reported that
both the Apple and Facebook attacks may have stemmed from one
compromised website that is related to mobile development.
The blog, citing sources close to the Facebook hacking probe,
identified the site as iPhoneDevSDK and said it could also be
connected to a recent Java-related Twitter hack that may have
accessed up to 250,000 user names and passwords.
"The malware was employed in an attack against Apple and
other companies, and was spread through a website for
software developers," Apple said in a statement.
"We identified a small number of systems within Apple that
were infected and isolated them from our network. There is no
evidence that any data left Apple. We are working closely
with law enforcement to find the source of the malware."
Since Apple launched OS X Lion in 2011, it has shipped Macs
without Java. Apple's OS X automatically disables Java if it
has not been used for 35 days, as a security measure, Apple
said.
Last week, Facebook reported that hackers planted malicious
software on a website frequented by developers who build
mobile software applications in a scheme known as a "watering
hole attack."
The world's largest social network said there was no evidence
that any of its members' information was compromised.
Java was developed in the early 1990s by Sun Microsystems,
which was bought by Oracle in 2009. In January, the
Department of Homeland Security issued a warning to disable
Java software in browsers unless "absolutely necessary," and
the head of Oracle's security for Java subsequently
acknowledged that the company needs to bolster public
confidence in the software.
Critics contend that Java has been poorly maintained by
Oracle. In the past three years, it has had at least 90
security vulnerabilities of medium to high severity,
according to a federal database that tracks such problems.