In a statement provided to The Verge, Apple says that hackers infected a "small number" of its computers in an attack that exploited a Java vulnerability. As Reuters originally reported, the company says "there was no evidence that any data left Apple," and no user information is said to have been compromised. Apple says the rare security breach utilized the same malware that was recently used to target Facebook and other companies. Despite being a high-profile target, the situation is highly unusual for Apple, and the company says it is working with law enforcement to track down those responsible.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," the company said in its statement. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network."
"There was no evidence that any data left Apple."
Apple plans to release a software tool today to protect customers against malware used in the attack against it and Facebook.
The attack on Apple is just the latest in a string of cyber attacks that have targeted companies, publications, and government agencies in the US. Last week, Facebook admitted that its systems were targeted by a "sophisticated attack" last month after a handful of employees visited a compromised mobile developer website. Facebook said it had discovered no evidence that user data had been compromised. Similar attacks have recently targeted The Wall Street Journal, The New York Times, and Twitter.
Apple declined to comment further on the situation. The company's full statement can be read below:
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.
We'll email you a reset link.
If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.
Choose an available username to complete sign up.
In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.