The same group of hackers that attacked Facebook last month also successfully attacked Apple, the company revealed today.

The Cupertino, Calif.-based technology giant told the Reuters news agency that while its networks were successfully breached, there was "no evidence that any data left Apple."

It's almost exactly the same wording used by Facebook last week when it disclosed it had also been hacked.

A small number of the company's employees Mac computers were hit by the hack, which exploited a vulnerability in the Java Web plug-in.

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.

Haven't seen the tool show up in Software updates, which would be the obvious place to distribute it. I think I do have java installed too (MInecraft y'know). However I'm not sure how shipping a malware removal tool to their users helps with a malware infection that happened to their internal developers...

The malware was hosted on an infected iOS developer resource website, so any iOS developer who visited the site with a Mac and who hadn't disabled Java could be infected.

This site, apparently: http://iphonedevsdk.com/

Don't worry, I'm sure it's fixed now!

It's not fixed. The web site holders aren't very tech savvy and only realised their site had been hacked when they heard about it in the press. Apparently they're now working with Facebook's system engineers to clean& harden their site.. Stay away for the forseeable.

Ian Sefferman runs iPhoneDevSDK, a widely used forum for developers interested in the iOS platform and App Store. The site has 200,000 registered accounts, and unknown hackers commandeered a single admin account on the forum to gain access to the site’s code and inject a sophisticated JavaScript exploit. “As the most widely read dedicated iOS developer forum, we’re targeted for attacks frequently,” said Sefferman in a forum post. What’s interesting is that Apple never reached out to Sefferman about the hack before going public with the news yesterday.

MS too

http://www.bbc.co.uk/news/technology-21556611