Andrew Kunesh, February 19, 2013
The recent Twitter, Facebook and Apple hacks may have been caused by a Java exploit found on the iPhone development forum iPhoneDevSDK, according to reports. The website was reportedly laced with malware that was installed on computers at Apple, Facebook and Twitter. The malware was able to get into the infected computers because of a “zero-day” Java exploit that opened way for the attacks.
Note: Do not, under any circumstance, attempt to visit the iPhoneDevSDK forum. The website may still be infected with the malware.
This hack is an example of a “watering hole” attack, which targets a specific group of users. It would make sense for the hackers to use a widely used iPhone development forum to install malware as developers from high profile social networks like Twitter actively use the website for assistance, and insights into projects they may be working on at the time.
The aftermath of these attacks have been very widespread over the past month. Twitter forced roughly 250,000 users to change their passwords due to possible data leaks. Facebook had some company computers hacked, but reportedly had no information leaked. Apple announced today that it had computers affected by the attack, but that no information left Apple and that the infected computers were isolated on Apple’s network. The company also pushed a fix to all Mac users today.
Image Credit: PitelFollow @macgasm