Reuters reports this morning that a “small number” of Apple’s corporate computers have been hacked by the same group that went after Facebook last month. “There was no evidence that any data left Apple,” a spokesperson told Reuters. In a statement to AllThingsD, the company said that the reason for the security breach was Oracle’s Java browser extension; this was the same security hole that Facebook’s computers had.
The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Even if data were to leave Apple’s corporate systems, it is unlikely this would mean harm to their users. The only way the end user could be harmed by such a breach is if the hackers were able to reach the company’s network and take control of its websites, or iTunes. Apple has not included the Java with any Macs built after the release of OS X 10.7 Lion. However, that does not mean that users cannot install it themselves. Through a security hole in Oracle’s software, hackers have been able to gain access to quite a few important corporations’ computers, so if you’re using this plugin, it is recommended that you simply go without it.
Apple told AllThingsD that it will be releasing a new software tool which automatically removes Java if it is not used for 35 days.