Apple : Updated: Apple hacked in what could be the biggest attack on Mac computers ever |
| Updated: Apple hacked in what could be the biggest attack on Mac computers ever Posted:  Are Mac computers really any more secure than the machines' Windows counterparts? The answer these days seems obvious. Apple issued a statement Tuesday admitting that it had been targeted by hackers who infected computers on the company's own network with malware through a Java vulnerability. According to numerous reports, the same Java flaw was used to infect computers at Facebook last month, an attack that the social network company described on Friday. Though Apple reported that no data was compromised, Mac computers beyond Apple's walls could be infected. The Cupertino company released a new version of Java Tuesday afternoon designed to help mitigate any damage caused by the hack. Apple's statement"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," read a statement released by Apple. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple." That may not be all there is to it, though: According to Reuters, which claimed to have spoken with "a person briefed on the investigation into the attacks," this may be the biggest cyber attack yet on OS X. The Reuters source said that "this is the first really big attack on Macs," and that "Apple has more on its hands than the attack on itself." Indeed, Apple reportedly declined to disclose exactly how many companies were affected by attacks based on this Java exploit (or expand on its statement at all), but Reuters' source claimed that it was in the hundreds, and that some of those companies included defense contractors. Hide your PC, hide your MacApple said in its statement that it's working with Johnny Law to bring its attackers to justice, and noted that Mac computers have shipped without Oracle's Java since OS X 10.7 Lion was released in 2011. Users can of course install it themselves, but according to Apple, Java is also automatically uninstalled if it's not used for 35 days. Apple computers used to be considered more secure than Windows PCs, but that golden age for Apple is likely at an end. This latest attack by hackers is hardly an isolated case, though it's not as if OS X is the only system being targeted. Twitter was hacked earlier this month, and attacks on the New York Times and the Wall Street Journal preceded that. Reuters noted the increased tensions between Washington D.C. and Beijing, China, drawing a link between the White House's concerns with Chinese cyber-theft and the recent spate of attacks on U.S. computers. Additionally, AllThingsD reported that the hacks on Apple, Facebook and Twitter can be traced to one website - iPhoneDevSKD.com. (Note: This site may still host compromised code, so don't visit it). Considered a development "hub" for companies focused on mobile, Facebook employees who visited the site reportedly saw malicious code housed in the site's HTML to exploit a Java plug-in to infect their computers. The site not only welcomes those involved in mobile development but any organization interested in mobile. It's possible Apple and Twitter employees visited the site as well. iPhoneDevSKD Owner and Operator Ian Sefferman told AllThingsD that the site is investigating the Facebook report. |
| Apple iOS 6.1.2 fixes Exchange battery drain, but passcode weakness remains Posted:  Apple launched the iOS 6.1.2 software update today in order to resolve a battery drain issue experienced by those using a Microsoft Exchange calendar with the device. The modest bump, which also fixes the 'increased network activity' caused by the bug, was made available to iPhone, iPad and iPod touch users Tuesday afternoon. The documentation accompanying the update on Apple's support site simply says iOS 6.1.2 "fixes an Exchange calendar bug that could result in increased network activity and reduced battery drain." The tiny 12.8MB update can be downloaded over-the-air by entering the Settings menu and selecting Software Update. However, users must be logged onto a Wi-Fi network. Passcode weakness unaddressedHowever, it does not appear that the update has addressed the passcode vulnerability, which made it possible for the 4-digit code added to iOS devices to keep out prying eyes to be by-passed. The weakness, exploited through a complex sequence of button pushes gave access to an iPhone's call log, while also allowed the intruder to view photos, modify contacts and more. After admitting that it was working on a fix last week, Apple was expected to kill the flaw with this update, but tests on devices with iOS 6.1.2 already installed suggest that it is yet to be addressed. It also appears that the "Evasi0n" Jailbreak method posted last week has not been closed off at this point. For the jailbreak happy out there, a member of the group of developers that issued the popular iOS 6.1 "evasi0n" jailbreak took to Twitter to announce that an updated version compatible with the newest OS iteration will be available sometime today. That team works fast. |
| You are subscribed to email updates from TechRadar: All latest Apple news feeds To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
No comments:
Post a Comment