Apple will issue a tool for removing a malware infection that was used by hackers to access its employees' Macs, the company said yesterday.
The malware, which exploits a zero-day flaw in the Java browser plug-in and affects Apple's Mac computers, was also involved in the security breach at social network giant Facebook last week. It has been linked to a website for software developers that is believed to have been compromised.
According to reports, that site is called iPhoneDevSDK. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," Apple said in a statement.
"The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network.
"There is no evidence that any data left Apple," the company said.
Speculation over the source of the attacks is rife. The news coincides with reports of attacks on US newspapers including the Wall Street Journal, the New York Times and the Washington Post that appear to have originated in China and a report from cyber security vendor Mandiant that claims to have identified a secret cyber attack unit in the Chinese army.
However, there is no evidence linking the Apple / Facebook attack to China.