WASHINGTON, February 22, 2013 — Microsoft announced today that some of its computers—notably a few located in its Apple Macintosh software business unit—had been infected via a Java vulnerability “similar to” the one that hit Apple and Facebook earlier this month.
Matt Thomlinson, General Manager of Microsoft’s Trustworthy Computing Security division, provided some details in an email, stating:
“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion… During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.
“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.”
According to TNW (TheNextWeb.com), all three incidents “were perpetrated by utilizing a zero-day Java vulnerability injected into an iOS developer website without the owner’s knowledge.”
TNW further notes that the “vector” or entry point for all three attacks appears to have been “popular iOS development site iPhone Dev SDK,” providing a link to their February 20 article detailing how the attack unfolded. The initial Mac attack apparently occurred in January “but it looks as if it was ended voluntarily by the hacker on January 30th.”
Additional, apparently unrelated attacks, most recently involving Microsoft’s Azure service, were said to have occurred. But these reports would appear to be unfounded as the site is currently reporting an outage due to an expired certificate.
As we noted earlier this week in our Morning Market Maven column, Apple has already come up with a patch for its users who still run Java 6. This update “patches 30 Java flaws in the version of Java 6 that Apple maintains for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and later, OS X Lion Server v10.7 and later, and OS X Mountain Lion 10.8 and later.”
Want to disable Java entirely on your Mac? Read all about it in this Communities article.
Our column also noted that for Mac users who have updated to Java 7, “Oracle has reacted swiftly to the recent Mac attack, making a new version of its Java Mac plugin available for download.”
The current Java patch can be downloaded from the Oracle Java site.
