Website responsible for Apple and Facebook breaches reportedly discovered

Following Apple's Tuesday announcement that it was hacked by the same group of attackers who compromised Facebook systems late last week, it now appears that the website responsible for hosting the malware has been discovered.
Editor's Note: The website named below should not be visited as its code may still be compromised. It should also be noted that the site has not yet been proven to be the culprit.
Citing sources close to the Facebook hacking investigation, AllThingsD reports that iPhoneDevSdk, a site frequented by developers and employees from major tech firms as well as anyone interested in developing for the iPhone, was likely the website that affected users working for Apple and Facebook. The source guesses that malicious code was inserted into the website's HTML and made its way onto affected computers through a Java zero-day flaw.
Apple on Tuesday and Facebook on Friday revealed that a limited number of computers on their respective networks had been affected by malware installed through a Java zero-day exploit.
Unlike an attack aimed at specific individuals, the purported iPhoneDevSdk method is what is called a "watering hole" attack, a name derived from the centralized and popular nature of the site, which many people visit. The recent Twitter debacle, where over 250,000 accounts were potentially compromised due to the exploit, is also thought to be tied to the website's apparent breach.
"Everyone knows about spear phishing now," said Facebook's Chief Security Officer Joe Sullivan. "But being able to target a site on the internet, it's a really interesting idea that you could target people from there. You don't have to get someone to open the email or click on the link."
While the number of systems compromised remains unknown, the site in question is a popular destination for organizations interested in mobile development for the iPhone platform.
In response to the breach, Apple quickly released an update to Java for OS X that not only patches the previous exploit, but removes the Java web applet for added protection.