What We Know About Apple’s Malware Breach
Posted on February 20th, 2013 by Lysa Myers
The coverage surrounding Apple’s recent malware-related breach has been maddeningly sparse and has led to as much misinformation as valid, useful information. Normally, in the wake of malware incidents, information and samples travel quickly through the security community so that everyone can make sure our users are protected. But as of this moment, there is more rumor and innuendo than fact about what actually happened. And rather than directly contacting the owner of the affected sites so they can clean things up and protect their users, site owners are just now hearing the news from journalists.
The current theory is that this malware was spotted on an iPhone developer’s forum, where developers working for at least Facebook, Twitter, and Apple were infected by way of a Java exploit. If this is the case, the attack was not so much targeted as it was going after a niche market. The breach caused by the malware probably did not leak any customer data (it would be unusual for developers to have that info), but it remains to be seen what effect the attackers had on the machines they infiltrated. The exploit may have been a zero-day threat that may have been patched by the latest Oracle and Apple updates.
This attack may have been planted by malware authors from Eastern Europe (probably not China) and may have led infected users to install what we detect as OSX/Pintsized.A. If so, the threat has been effectively neutralized for the time being, as the controllers’ servers have been sinkholed. This is not something the average home user would likely have to worry about, at least for now.
What we do know is this:
- Java is still causing a lot of malware problems for people.
- Everyone should update to the latest Java version at the very least, or remove Java if you’ve not already done so.
- If you’re still running Java 6, run Apple’s Java update for its malware removal tool.
AV is meant to detect known-bad things, and as this was previously unknown, odds are it would not have caught this. Firewalls are meant to detect unknown network traffic and would likely have alerted on this. By having layered security on your machine, you increase the chances of being able to prevent incidents like these.