In association with heise online

20 February 2013, 10:13

iPhone developer site confirmed as corporate attack source - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

iPhoneDevSDK confirmation
Zoom iPhoneDevSDK confirms it has been compromised
Twitter, Facebook and now Apple have found company laptops infected with malware that exploits a Java zero-day. The malware's launching point for its drive-by attacks has been confirmed as a forum site for iPhone developers –

A report from Bloomberg says the site was identified by investigators as having been used for a "waterhole" attack, where users are drawn to the site in question because of its content. In this case, it appears the target was iOS developers who used the site's forums to discuss developing for Apple's devices. has confirmed that it was compromised and that a single administrator's account was used to modify the site's theme and add malicious JavaScript to all the site's pages. The site says it believes the hacker removed the JavaScript on 30 January and that it only found out it had been compromised when it was identified in an AllThingsD article which cited Facebook. Anyone who accessed the site is advised to check for malware on their systems.

Apple is the latest company to reveal that it has found malware on some employees' laptops, apparently delivered using those drive-by attacks. The methodology appears to be very similar to that which Facebook revealed it had been subject to in January. Apple gave no time frame for when it was attacked, but, according to Bloomberg's sources, Apple was actually the first to discover the attacks, ahead of Facebook. Investigators said they suspected that the attacks were the work of Eastern European criminals rather than any state-sponsored hacking group.

In a brief statement, Apple said it had "identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple." Apple has also released an update to its Java 6 in Mac OS X which completely removes Java plugin support and directs users to Oracle for their Java 7 and plugin support. Oracle, who released an emergency patch for fifty vulnerabilities on 1 Feb – in what appears to have been a response to the Facebook and Apple attacks – has released an updated version of that emergency patch with a handful of critical holes also closed.

Update - Microsoft has confirmed that its Mac business was also a victim of the attack. In a Technet blog posting, Microsoft said a small number of machines had been infected but there was "no evidence of customer data being affected".


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit