Hackers 'drawn to Macs' as Apple admits employee computers infected

Mac computers belonging to a number of Apple employees were infected with Java-related malware when the employees visited a software development website, Apple has revealed.

Apple: attracting hackers?

The disclosure follows a similar Java-related cyber attack against Facebook which came to light last week.

Apple did not disclose how many employees' computers were infected or when. It issued a software fix on Tuesday aimed at customers who already had installed Java on their Macs.

Apple iPhones and iPads do not appear to be infected.

Windows-based operating systems have been the most popular targets of hacker attacks, said the San Jose Mercury News.

But hundreds of thousands of Mac computers were hit last year with a Trojan horse virus called "Flashback" and the latest cyberattack is a troubling sign, said the writer.

"Definitely, Macs are not as secure as they were previously," said Liam Murchu, a researcher with Symantec. "Until last year, we hadn't seen a lot of Mac threats. This showcases that Macs are not invulnerable."

Neil Cook, chief tech officer for Cloudmark, which works on Internet security issues, said Apple's rising popularity makes it a bigger target for hackers.

"Apple's market size has always lagged behind," Cook said. "Now one in every three laptops sold is a Mac so they've become extremely mainstream and they've entered that sweet spot that hackers are looking for."

Tech industry blog AllThingsD said both the Apple and Facebook attacks may have stemmed from one compromised website related to mobile development.

AllThingsD, citing sources close to the Facebook hacking probe, identified the site as iPhoneDevSDK - and said it could also be connected to a recent Java-related Twitter hack that may have accessed up to 250,000 user names and passwords.

Java was developed in the early 1990s by Sun Microsystems, bought by Oracle in 2009.

In January, the US Department of Homeland Security warned users to disable Java software in browsers unless "absolutely necessary." .The head of Oracle's security for Java later acknowledged that the company needs to bolster public confidence in the software.

Critics have said Java has been poorly maintained by Oracle and over the past three years has had at least 90 security vulnerabilities of medium to high severity, according to a US federal database.

President Obama last week asked Congress for tougher legislation to protect American interests from cyber attacks.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.