Skip to main content

An employee cleans an advertisement at an Apple dealership in Wuhan, China in a file photo.

DARLEY SHEN/REUTERS

Apple Inc. was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement provided to Reuters.

The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp.'s Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook Inc., which the social network disclosed on Friday.

Story continues below advertisement

The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault.

But a person briefed on the investigation into the attacks said that hundreds of companies, including defence contractors, had been infected with the same malicious software, or malware.

The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft Corp.

"This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorized to discuss the matter publicly. "Apple has more on its hands than the attack on itself."

Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers.

For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe Systems Inc.'s Flash software.

"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Mr. Miller said.

Story continues below advertisement

Cyber-security attacks have been on the rise. In last week's State of the Union address, U.S. President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks.

Over the weekend, cyber-security specialists Mandiant reported that a secretive Chinese military unit was believed to have orchestrated a series of attacks on U.S. companies, which Beijing has strongly denied.

White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber-theft with Beijing, including the country's military. There was no indication as to whether the group described by Mr. Mandiant was involved in the attacks described by Apple and Facebook.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate further on the statement it provided.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.

"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.

Story continues below advertisement

The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment.

Apple said it plans to release a piece of software on Tuesday, which it said customers can use to identify and repair Macs infected with the malware used in the attacks.

Report an error
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies