Apple today reported a security breach in a “small number” of computers today that took advantage of a Java exploit. As Reuters originally reported, the company says “there was no evidence that any data left Apple,” and no user information is said to have been compromised in the attack. However, Apple did make mention of a correlation between this attack and the attack on Facebook and Twitter, as well as other corporations in the United States and is currently working with law enforcement to track down the hackers responsible.
A software patch will be issued later today to Apple’s internal and consumer systems in order to address that and any other problems. Apple’s statement about the breach is available, after the break.
Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.