Earlier today it was reported that Apple’s computers had been compromised by a zero-day exploit in Java. Apple quickly released an update to patch the flaw for all Macs, but not before some of its own employees had been hacked.
The hack in question affected more than just Apple; Silicon Valley giants like Facebook and Twitter were also compromised. How exactly were hackers able to gain access to some of the biggest tech companies’ computers? The source is a single web forum for iPhone development.
A site called iPhoneDevSDK has been revealed as the means by which a dangerous exploit was injected via a Java plugin. We’re not linking to the site here because it could still contain malware. Apparently the site has gone under maintenance since the exploit was discovered earlier today.
This is an example of a “watering hole” attack. Instead of targeting specific individuals, the exploit was planted inside a common destination that many tech company employees visit on a regular basis. iPhoneDevSDK is a widely used forum for those who want to learn more about developing for the iOS platform. Both Facebook and Twitter have apps in the iOS App Store.
If you keep your Mac up to date, you’re safe from exploits such as this one.