Apple Hit by Same Java Exploit as Facebook in Largest-Ever Cyber Attack on Corporate Mac Computers
Add Apple to the list of high-profile companies hit by hackers of late, right on the heels of a similar attack on Facebook just last week. According to Reuters, this is the widest known cyber attack ever to target corporate Apple computers.
In other words: This is a big deal.
For both Facebook and Apple, the hacks originated in a Java software plug-in. I discussed the importance of Java vulnerabilities earlier in the blog here, and to recap, Java is a programming language and computing platform that runs on practically every device in your home and office. This is also true for large corporations – including Apple, Facebook, and practically every other company you interact with or buy from.
In this case, hackers were able to infect the computers of Apple and Facebook employees when they visited a developer website that was infected with malicious software (malware). This malware was specifically designed to infect Mac computers, something that up until now has been a rare occurrence, especially in high-profile corporate environments like Apple HQ.
And the hack doesn’t stop with Apple and Facebook. In early February, Twitter also reported a breach caused by the same malicious software. Unlike the Apple and Facebook hacks, however, the Twitter breach may have leaked the information of close to 250,000 users. This is particularly troubling when you consider the fact that these are only the reported attacks, and the full scale of the campaign is still unknown.
The Big Picture: What This Means, and What You Can Do About It
I wrote a blog post late last week entitled “Can My Apple Devices Get Hacked?,” and I think we can all now agree that the answer is an absolute yes. This is the first significant attack on corporate Mac computers, and it shows that cybercriminals will continue to invest time and money in the Apple operating system moving forward. But this exploit doesn’t just affect Apple enthusiasts, and Windows owners should note that there is a version that infects PCs as well.
Ultimately, this is a wake-up call for all of us to pay more attention to security and online safety best practices–from the most novice home computer users to seasoned developers at Facebook, Twitter, and Apple HQ.
To protect your home devices (PCs, Macs, smartphones, or tablets) against this attack, we recommend the following steps:
1. Disable or remove Java from your primary web browser. You can find detailed instructions on how to do this in my previous blog post on the topic, here. Note that hackers are on the lookout for unsuspecting victims typing in search terms like “Java update” or “Java virus,” so use caution when looking for ways to update your software. Here is a link to the actual Java homepage, which also provides instructions on how to update Java or disable it in your browser.
2. Install McAfee SiteAdvisor software. This is a free browser plug-in provided by McAfee, and it will help protect your computer if, for example, you type in “Java update” and are led to malicious search results on Google or Bing. McAfee SiteAdvisor is available for both PCs and Macs, and it works by alerting you to risky sites with small rating icons beside your search results.
3. Keep all software up-to-date. Trust me, when a large company like Apple suffers a large-scale attack, they care. Somewhere in a West Coast office, there’s an entire security team awake at 3am working hard to make sure a breach like this is unlikely to happen again. The result is a software update that will probably pop up on your computer, tablet or smartphone within a few days. Do not put this (or any) update off. That 2-minute update could save you countless hours (and a lot of money) as you try to fix your machine and recover lost data.
4. Download security software. I realize that this piece of advice is coming from a security software company–but I mean it. This is the #1 most effective way to protect every device in your home. Solutions like McAfee All Access can protect your PCs, Macs, smartphones, and tablets with the maximum level of protection that can be delivered to each device. In fact, we’re currently running a promotion for 50% off McAfee All Access (you can access the download here), which I urge everyone to take advantage of if you haven’t already installed security software.