Mac/Apple attack - Update!
Feb 20, 2013 9:09:12 GMT
Post by CharlieChomper on Feb 20, 2013 9:09:12 GMT
I haven't heard of this having actually affected individual Mac users, as they weren't the ones actually targeted in the attack based upon what's known so far. However, for those who haven't heard, Apple became the latest victim of a major cyber attack. It remains unclear and unknown as to what the attackers may have been after or have gotten access to (aside from causing a major disruption).
However--unlike in the recent situation with Facebook where it's partly suspected that the attackers may have gotten in via malware that some employees may have unknowingly gotten through visiting some let's just say "questionable" links or sites using their work computers, along with the company also being targeted specifically--in the case of Apple, it appears that the attack was deliberate in targeting them. It also affected copies of OS X running on their employees' computers there.
This may sound shocking to some as there is a common belief amongst some people out there (including the Mac community) that Macs are somehow "immune" to such things or even malware in any form (or that somehow this "only" happens to Windows--in fairness, I've heard this same argument countless times from many 'nix/Linux users as well) but the reality is that they aren't nor is this the first time that there has been a major security breach with OS X/Macs.
In fact, it happened fairly recently to where Apple was forced to release an emergency patch to prevent it from affecting most of its userbase (for better or worse, Apple has had a history--that I'll also point out is not unique to them--of "'better' security through obscurity" meaning that they think that so long as the issue isn't well-known, somehow it "lessens" the risks and therefore they shouldn't have to deal with it (or as I sometimes like to call it as well, the "ostrich approach" of burying one's head in the sand and hoping the issue never surfaces/goes away but in reality continues to remain) or naively thinking that somehow the issue won't be located by those looking to cause harm in some fashion. Unfortunately, as has often been the case, this approach is never successful and is amongst the reasons why most of the reputable security groups and even the self-professed "black hats" out there usually send out multiple "reminders" of the problem to the various groups and companies with the issue to get it addressed as they know eventually someone will find the exploit or problem and will do something about it that will negatively impact anyone using it in some way. After a certain length of time, if nothing still gets done, then they increase the pressure or (as is often the case of the "black hats") may go public with the information to force a "fix" (with the black hats, they sometimes will go into great detail about it at their annual conference to point out the issue and how to exploit it to try and force the company or group/organization to address it and fix it or make users aware of it in some cases). In Apple's case, it led to their release of an emergency patch (although, some of their users were still affected by it as they failed to install the patch or willfully chose not to do so and had their computers compromised as a result--the figure of those affected was significant)).
That being said, as I mentioned earlier, this is not an attitude that is unique to Macs/the Mac community nor is Apple's approach to dealing with security issues unique to them... It is also not a slight against that platform (which I also work with, incidentally), but just something to be aware of and that they are vulnerable as well.
Edited to add in an update given new information: It appears that as with Facebook, the attackers also appear to have gotten in via the same malware through an exploit that exists in Java (ironically, the same exploit that caused a warning notice to be posted a few weeks ago telling users to disable it until Oracle--who now owns Java--actually does something about fixing it).
To shed some light on this (and going back to the idea that sometimes it isn't a platform issue but a "could happen to anyone" type of situation) and why this is significant, Java has historically been considered a "universal" programming language (in that it will run on almost any platform/is platform "independent"/"neutral" and generally should behave/react in the same ways--think of it as the vanilla ice cream atop any type of dessert out there, if operating systems were desserts (not the best of analogies, I'll admit, but it's the closest one I can think of at the moment), where it tastes/acts the same regardless of what it's atop of). So, if there is a vulnerability such as this one, it doesn't just affect one operating system but has the potential to affect countless others that are also running Java as they all contain that same issue--at least, until whenever Oracle gets around to addressing this!
On a related note, for those who haven't already done so, I would strongly recommend (regardless of what operating system you're using), disabling your Java plugin until Oracle fixes this.