Apple (AAPL) said Tuesday that a limited number of its employees computers were infected with the same malware that compromised Twitter and Facebook (FB) networks late last week. The malware infected a small number of Apple Mac systems through a vulnerability in a version of Oracle’s Java software used as a plug-in on Web browsers, the company confirmed.
In a media statement Apple said that it has “identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a Web site for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
Apple added that is has released an updated Java malware removal tool that will check Mac systems and remove this malware if found. The tech giant gave no time frame for when it was attacked.
Apple is the latest tech company to reveal that it has found malware on some employees’ computers. On Friday, Facebook said on its security blog the company discovered that its system had been targeted in a ‘sophisticated attack’ in January.
Citing sources close to the Facebook hacking investigation, AllThingsD called ‘iPhoneDevSdk’, a site frequented by iOS developers (Note: the site should not be visited as its code may still be compromised) as a possible source of the hacks on both Apple and Facebook. The source guesses that malicious code was injected into the website’s HTML and made its way to infect employee laptops, as mentioned, via a Java plugin.
The owner of the ‘iPhoneDevSdk’ reached out to AllThingsD and provided the following statement:
“We’re investigating Facebook’s reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We’re actively ensuring that is not the case. Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement. Our users’ security is incredibly important to us and we’ll be sure to follow the investigation through to completion.”
According to a Bloomberg report, Apple was actually the first to discover the attacks, ahead of Facebook. The report notes that investigators suspect that the attacks were linked to an Eastern European gang of hackers trying steal company secrets, rather than any state-sponsored hacking group.