iPhone developer site confirmed as corporate attack source - Update
Twitter, Facebook and now Apple have found company laptops infected with malware that exploits a Java zero-day. The malware's launching point for its drive-by attacks has been confirmed as a forum site for iPhone developers – iphonedevsdk.com.
Apple is the latest company to reveal that it has found malware on some employees' laptops, apparently delivered using those drive-by attacks. The methodology appears to be very similar to that which Facebook revealed it had been subject to in January. Apple gave no time frame for when it was attacked, but, according to Bloomberg's sources, Apple was actually the first to discover the attacks, ahead of Facebook. Investigators said they suspected that the attacks were the work of Eastern European criminals rather than any state-sponsored hacking group.
In a brief statement, Apple said it had "identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple." Apple has also released an update to its Java 6 for Mac OS X which completely removes Java plugin support and directs users to Oracle for Java 7 and plugin support. Oracle, which released an emergency patch for fifty vulnerabilities on 1 Feb – in what appears to have been a response to the Facebook and Apple attacks – has released an updated version of that emergency patch which also closes a handful of critical holes.
Update - Microsoft has confirmed that its Mac business was also a victim of the attack. In a TechNet blog posting, Microsoft said a small number of machines had been infected but there was "no evidence of customer data being affected".