In what Reuters is describing as "an unprecedented disclosure", Apple fell prey to the same security vulnerability that hit Facebook. Of particular interest this time around is the fact that the malware was tailor-made for Macs.
"The only thing that was making it [Mac OSX] safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," said Charlie Miller, co-author of the Mac Hacker's Handbook.
Apparently some of Apple's employees had their Macintosh computers infected with malicious software after visiting a developer's website. The culprit was revealed to be a compromised web-browser plug-in of Oracle's Java.
An Apple spokesperson had this to say:
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. There is no evidence that any data left Apple."
Though Apple is quoted as saying that the offending software was also used to attack "other companies", it didn't provide any additional information. However, one of the people investigating claims the Twitter attack was part of the "same campaign".
Now The Verge is reporting that Apple has issued a security fix, and that the attacks are thought to have originated in Russia or Eastern Europe. It is thought that these attacks have different motives than the alleged state-sponsored attacks coming from China.