Microsoft reports hack attack: Similar to Apple Mac, Facebook hacks

Malware said to invade via iOS developer site. Photo: Microsoft

WASHINGTON, February 22, 2013 — Microsoft announced today that some of its computers—notably a few located in its Apple Macintosh software business unit—had been infected via a Java vulnerability “similar to” the one that hit Apple and Facebook earlier this month.

Matt Thomlinson, General Manager of Microsoft’s Trustworthy Computing Security division provided some details in an email, stating that

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion… During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. 

“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.”

According to TNW (TheNextWeb.com), all three incidents “were perpetrated by utilizing a zero-day Java vulnerability injected into an iOS developer website without the owner’s knowledge.”

TNW further notes that the “vector” or entry point for all three attacks appears to have been “popular iOS development site iPhone Dev SDK,” providing a link to their February 20 article detailing how the attack unfolded. The initial Mac attack apparently occurred in January “but it looks as if it was ended voluntarily by the hacker on January 30th.”

Additional, apparently unrelated attacks, most recently involving Microsoft’s Azure service, were said to have occurred. But these reports would appear to be unfounded as the site is currently reporting an outage due to an expired certificate.

As we noted earlier this week in our Morning Market Maven column, Apple has already come up with a patch for its users who still run Java 6. This update, “patches 30 Java flaws in the version of Java 6 that Apple maintains for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and later, OS X Lion Server v10.7 and later, and OS X Mountain Lion 10.8 and later.”


Want to disable Java entirely on your Mac? Read all about it in this Communities article.


Our column also noted that for Mac users who have updated to Java 7, “Oracle has reacted swiftly to the recent Mac attack, making a new version of its Java Mac plugin available for download.


To download the current Java patch, click here to go to the Oracle Java site.


Read more of Terry’s news and reviews at Curtain Up! in the Entertain Us neighborhood of the Washington Times Communities. For Terry’s investing and political insights, visit his Communities columns, The Prudent Man and Morning Market Maven, in Business.

Follow Terry on Twitter @terryp17

 


This article is the copyrighted property of the writer and Communities @ WashingtonTimes.com. Written permission must be obtained before reprint in online or print media. REPRINTING TWTC CONTENT WITHOUT PERMISSION AND/OR PAYMENT IS THEFT AND PUNISHABLE BY LAW.

More from The Prudent Man
 
blog comments powered by Disqus
Terry Ponick

Now writing on investing, politics, music, movies and theater for the Washington Times Communities, Terry was formerly the longtime music and culture critic for the Washington Times print edition (1994-2009) before moving online with Communities in 2010.  

 

 

Contact Terry Ponick

Error

Please enable pop-ups to use this feature, don't worry you can always turn them off later.

Question of the Day
Featured
Photo Galleries
Popular Threads
Powered by Disqus