All the latest UK technology news, reviews and analysis


Apple, Facebook and Twitter hacks caused by compromised admin account

21 Feb 2013
security risk management

Developer site iPhoneDevSDK has admitted it may have been the source of malware that allowed attackers to compromise tech firms including Apple, Facebook and Twitter.

Attackers were able to compromise an administrator account for the website, which is hugely popular with iPhone developers, and covertly distribute an exploit which targeted zero-day vulnerabilities in Adobe Flash and Java plugins.

“The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers,” wrote iPhoneDevSDK administrator Ian Sefferman.

“We're very sorry for the inconvenience - we'll work tirelessly to ensure your data's security now and in the future,” he added.

The attacks show a high degree of planning and skill, using previously unknown vulnerabilities and targeting high-value users, noted Sean Sullivan, a security researcher at F-Secure.

As Macs typically account for about 15 percent of internet users, making them too small a target to attract the attention of most hackers, Sullivan wrote on the F-Secure blog.

"But in the 'developer world', Macs have a much higher percentage of market share. In Silicon Valley we'd guesstimate it's probably the inverse of the real-world: 85 percent," he wrote.

"As such, there is relatively high motivation for bad guys to develop 'sophisticated' attacks that incorporate Mac-based payloads."

Apple, Facebook and Twitter have all subsequently confirmed that a handful of their staff had their laptops compromised, suggesting the attackers' tactics paid off. All three have claimed no personal data had been put at risk.

The attacks also raise questions about Apple's patching policy, and how much Apple knew about the potential risks before the attacks took place, said F-Secure's Sullivan.

“Apple began removing old versions of Java from Macs when people updated OS X in October 2012. Was that a proactive or reactive decision? How many times has Apple been compromised?” he asked.

Apple had not immediately responded to V3's request for comment on Sullivan's concerns.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Security
What do you think?
blog comments powered by Disqus
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
22%
6%
3%
2%
67%

Popular Threads

Powered by Disqus
Xperia Z2 vs Galaxy Note 3 video review.jpg

Xperia Z2 vs Galaxy Note 3 video review

We pit Sony's 2014 flagship against Samsung's ruling phablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Service Desk / Helpdesk Analyst - MS Windows, Office, Blackberry

Service Desk / Helpdesk Analyst - MS Windows, Office...

Network Infrastructure Analyst - Cisco, CCNP, MPLS, VOIP

Network Infrastructure Analyst – Cisco, CCNP, MPLS, VOIP...

Service Desk Analyst - Windows, Citrix, MS Office, ITIL

Service Desk Analyst – Windows, Citrix, MS Office, ITIL...
To send to more than one email address, simply separate each address with a comma.