Apple moves to close Java hack flaw after intrusion


Less than 24 hours after admitting some of its employees' computers had been hacked, Apple has pushed out a security update to users of its Mac computers.

The patch fixes issues surrounding Java, a popular programming language that had a major security hole allowing malicious code to infect machines.

Apple was among several companies targeted in recent weeks by hackers exploiting the Java weakness.

One expert criticised Apple, saying it "could have been quicker" to act.

Both Facebook and Twitter have made recent admissions of being hacked - with Twitter having to email thousands of users with instructions on how to reset their passwords.

In Tuesday's statement, Apple made a rare admission of a breach.

"We identified a small number of systems within Apple that were infected and isolated them from our network," the company said.

"There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."

The iPhone-maker went on to say it would be releasing a security patch - which it has now done. Users will be automatically informed about the update.

'Laid back'

But Graham Cluley, from security firm Sophos, has accused Apple of being slow to react.

He said Java developer Oracle had released its own fix at the beginning of the month after having discovered exploits that were "in the wild" - a term given to vulnerabilities being used by hackers.

"Whether they were the same exploits as the ones that hit Apple is a little bit unclear," Mr Cluley told the BBC.

"But it does look like they could have been quicker on this. There has been a history of Apple being a little laid back on patches."

The patch means users will have the most up-to-date version of the Java platform. Additional measures, which had already been in place for most Mac users, included automatically disabling Java if it is not used for 35 days.

Java should not be confused with a different programming language, JavaScript, which is also used extensively across the web but is not implicated in these latest security issues.

Unsure origin

A major report released on Tuesday accused a unit working for the Chinese People's Liberation Army of being behind many of the world's attacks.

On Wednesday, a different security firm, speaking to Bloomberg, speculated that the attacks on Facebook, Apple and Twitter may have actually originated from Eastern Europe.

Mr Cluley told the BBC it is difficult to pinpoint the source of attacks: "It is very hard to prove where a hack really has originated from.

"Even if it comes from a Chinese computer - it could have been a hijacked Chinese computer."

He suggested that it was likely most developed countries in the world were engaging in some cyber-activity - including the UK.

"In the past [Foreign Secretary] William Hague has said he would take pre-emptive strikes against foreign hackers if necessary.

"We've well and truly entered this new era of cybercrime. It's now very much about stealing information, spying and of course intelligence services care a lot about that."