The Inquirer-Home

Compromised admin account was the source of Apple, Facebook and Twitter exploits

Hackers used an admin account on to inject Javascript
Thu Feb 21 2013, 18:11
malware virus security

SOFTWARE DEVELOPER WEBSITE has admitted that it might have been the source of a malware attack that exploited vulnerabilities in Mac OS X to infect machines at major technology firms including Apple, Facebook and Twitter.

Apple acknowledged falling victim to the attack on Wednesday, due to exploits that also affected Facebook and Twitter in the past month.

Administrator of Ian Sefferman said in a post on the website on Wednesday that hackers were able to compromise his account at the website and distribute malware that exploited zero day vulnerabilities in Adobe Flash and Java plug-ins.

"The hackers used this account to modify our theme and inject Javascript into our site," Sefferman wrote in the blog post. "That Javascript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers."

Sefferman admitted that the team is still trying to determine the exploit's timeline and details, but it appears as though the hacker ended the attack on 30 January, 2013. He also apologised for the "inconvenience" and added that they will work "tirelessly" to ensure users' data is secure.

According to an unidentified Apple source, the exploit was used against it and its customers' hardware and was "the first really big attack on Macs".

Apple said it is confident that no data was lost or stolen. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," it said in a statement.

F-Secure security researcher Sean Sullivan noted on the F-Secure blog that the attacks showed a high degree of planning and skill, using previously unknown vulnerabilities and targeting high-value users.

"Macs typically account for about 15 percent of internet users, making them too small a target to attract the attention of most hackers," Sullivan wrote. "But in the 'developer world', Macs have a much higher percentage of market share. In Silicon Valley we'd guesstimate [that] it's probably the inverse of the real-world: 85 percent." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015