SOFTWARE DEVELOPER WEBSITE iphonedevsdk.com has admitted that it might have been the source of a malware attack that exploited vulnerabilities in Mac OS X to infect machines at major technology firms including Apple, Facebook and Twitter.
Apple acknowledged falling victim to the attack on Wednesday, due to exploits that also affected Facebook and Twitter in the past month.
Administrator of iphonedevsdk.com Ian Sefferman said in a post on the website on Wednesday that hackers were able to compromise his account at the website and distribute malware that exploited zero-day vulnerabilities in Adobe Flash and Java plug-ins.
Sefferman admitted that the team is still trying to determine the exploit's timeline and details, but it appears as though the hacker ended the attack on 30 January, 2013. He also apologised for the "inconvenience" and added that they will work "tirelessly" to ensure users' data is secure.
According to an unidentified Apple source, the exploit was used against it and its customers' hardware and was "the first really big attack on Macs".
Apple said it is confident that no data was lost or stolen. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," it said in a statement.
F-Secure security researcher Sean Sullivan noted on the F-Secure blog that the attacks showed a high degree of planning and skill, using previously unknown vulnerabilities and targeting high-value users.
"Macs typically account for about 15 percent of internet users, making them too small a target to attract the attention of most hackers," Sullivan wrote. "But in the 'developer world', Macs have a much higher percentage of market share. In Silicon Valley we'd guesstimate [that] it's probably the inverse of the real-world: 85 percent."