Published February 20, 2013
Apple (AAPL) joined a growing list of technology companies that already includes Facebook (FB) and Twitter hit by recent cyber attacks. Apple, in a statement Tuesday, wrote that it "has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. …There is no evidence that any data left Apple."
There are conflicting reports of the origin of the attacks in each of these cases, with speculation that the culprits sat in China, Russia or even Eastern Europe. But the common denominator in all of the attacks is the abuse of Java software an the entry point into internal systems.
Last week, Facebook revealed it had been the target of a sophisticated attack. It, like Apple, found that Oracle’s Java software was exploited. It wrote: “After analyzing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”
Twitter recently had more than 250,000 accounts compromised and encouraged users to disable Java, as well. This just weeks after the Department of Homeland Security issued a warning about Java security lapses, saying “Unless it is absolutely necessary to run Java in web browsers, disable it.”
Oracle, which has not responded to requests for a comment, subsequently updated its software to patch the issue. But even the DHS acknowledged that other vulnerabilities may pop up in the future even with a patch.
Java is a widely used computer programming language used on the web. Its popularity stems from being accessed by multiple browsers and computer types, making it a universal language. This can also make it ripe with problems. Oracle released data that over 850 million PCs and Macs currently use the program, making any widespread lapse in security a problem of an immense scale. An “audience” that large also makes an attractive target to malicious attackers.
In fact, the issues with Java have been so pervasive that Kaspersky Security has deemed 2012 “the year of Java vulnerability” with over 50% of threats originating through Java.
Security experts and the Department of Homeland Security recommend disabling Java or limiting it to only websites you select. To completely disable Java, you can follow these simple steps or check out Java’s website for specific directions: