Industry News

Apple Employees Hacked via Java Plugin Exploit

Apple Employees Hacked via Java Plugin Exploit

Apple reported some of its employees were hacked through a Java plugin exploit served through a developer website, but no evidence of data theft was revealed.

The few computers compromised were unplugged from the network and are pending investigation as to the source of the attack. The company believes the malware was designed for other companies as well and that it’s part of a larger operation.

Apple Employees Hacked via Java Plugin Exploit“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” Apple said in a statement. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”

Apple also emphasized the company has completely stripped Java from the default configuration of OS X Lion. If unused for 35 days, it will automatically be uninstalled. An update addressing the Java malware responsible for current issue was released to ensure that no other users are affected.

With security firm Mandiant saying that most recent hacking attacks originated from China – conducted by Unit 61398, the country’s People’s Liberation Army – experts assume the attack on Apple’s computers might have been orchestrated by the cyber espionage group. China said it had no part in these attacks.

“Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days,” said Apple.  “To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”

In January, the U.S. Department of Homeland Security issued a warning that users should disable Java, as it can easily be weaponized and used for various attacks. Although it was referring to a different Java bug, the advice is still sound.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.