Microsoft's Macs Hacked in Java Attack.
Microsoft's Macs Hacked in Java Attack.
In yet another round of Friday-afternoon security disclosures, Microsoft today (Feb. 22) admitted that it had fallen
victim to the same Java-based malware attacks that plagued Twitter, Facebook and Apple.
"As reported by Facebook
and Apple, Microsoft can confirm that we also recently experienced a similar
security intrusion," wroteMicrosoft Trustworthy Computing
Security General
Manager Matt Thomlinson in a Microsoft company
blog posting put up at
5:45 p.m. ET.
Even more significantly, it wasn't Microsoft's Windows computers
that were hacked so much as it was Microsoft's Macs.
"We found a small number
of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those
documented by other organizations," Thomlinson wrote. "We have no
evidence of customer data being affected and our investigation is
ongoing."
Late last Friday (Feb. 15), Facebook dropped the news that its network had been penetrated
in January by malicious software that infected some of its computers.
Facebook disclosed more than
did Twitter, Apple or indeed Microsoft; it chronicled how
an infected website had exploited a flaw in Java
software to get
through browser security, and said that other companies had been affected as
well.
It's not clear whether Macs were more susceptible than other
machines to the Java flaw,
which was fully patched by Java maker Oracle on Feb. 1. (All the infections
presumably took place last month.)
But Apple laptops are popular among social-media software
developers, and no other kind of machine has been mentioned in any of the
Java-related disclosures.
Java is a self-contained software platform that lets applications,
especially Web-based ones, run equally well on Windows, Mac OS X or Linux.
That makes it ideal for malware writers, who can be sure their
malicious code will attack anything.
Unless you're a Web
developer, use specialized Web tools or need to often run Web-conferencing
software, there's little reason to have Java in your browser. We've written a guide on how to
disable it.
Comments