Following yesterday’s surprise announcement that multiple employee computers within Cuptertino had been compromised by a malicious zero-day Java exploit that was uploaded to an iOS developer forum, the owner of the attacked site has spoken out, claiming that not only did he have no idea he had been hacked… Apple never even contacted him to tell him.
Earlier today it was reported that Apple’s computers had been compromised by a zero-day exploit in Java. Apple quickly released an update to patch the flaw for all Macs, but not before some of its own employees had been hacked.
The hack in question affected more than just Apple; Silicon Valley giants like Facebook and Twitter were also compromised. How exactly were hackers able to gain access to some of the biggest tech companies’ computers? The source is a single web forum for iPhone development.
Hot on the heels of Oracle’s own update, Apple has released a Java for OS X 2013-001 software update for download that addresses the software vulnerability that compromised a number of their employees’ computers.
Following today’s big story that a number of employee computers within Apple were compromised following a zero-day Java exploit, Oracle has just released update 15 for Java 7 and update 41 for Java 6.
While there’s no specific mention of what has been updated, there’s excellent reason to believe it fixes the vulnerability that compromised both Apple and Facebook.
According to Apple, a “small number” of its employees computers were compromised due to a vulnerability in Java.
It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”
Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.
Take the recent Flashback trojan, for example. Millions of Macs were comprised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.
If you’re a Mac user on the Internet, chances are you’ve come across a few websites where embedded content isn’t displayed correctly. Instead you get an icon or an error message saying Missing Plug-In, often with few additional details about exactly what is missing.
While there’s no single installer which will solve all missing plug-in problems, there are a few common things to start with. If those don’t work you can delve deeper into non-common formats or the forgotten codecs of yesteryear.
According to a recent study, iPhone and iPad app development has a bigger learning than curve than any other mobile platform. It also costs developers more in terms of time and expenses to develop an iOS app than to create an Android, BlackBerry, or Windows Phone app.
Despite those challenges, iOS has boosted the popularity of Objective-C, the programming language used by Apple for both Mac and iOS development – making it the third most popular language with developers.
After a weekend deliberation, a federal jury in San Francisco handed Oracle a partial victory by finding Google guilty of copyright infringement yet remaining deadlocked on whether Google’s use of the Java APIs fell under “fair use.” The jury found that Google infringed a minimal amount of Java source code with Judge William Alsup indicating that Oracle would only be entitled to statutory damages as a result. This certainly wasn’t what Oracle was hoping for and when Oracle’s lawyer seemed to suggest they were entitled to more than just statutory damages, Judge William Alsup quickly put the kibosh on that notion based on the minimal amount of code infringed, stating what they’re seeking as “bordering on the ridiculous.”
Following two independent Java security updates and one last patch to detect and remove the Flashback trojan, Apple has released another software tool for getting rid of Flashback on a Mac running OS X Lion without Java installed.
Flashback is the name of a virus that was able to infect a Mac and link it up to a botnet of around 600,000 other Macs. If you’ve updated your Mac with the latest Java patch, you should be fine, but Apple has provided this new tool for safe measure to Mac users running Lion without Java already installed.
