Recent attacks on Apple
, and Twitter
may all be linked to a single website, say sources close to Facebook's hacking investigation, in touch with AllThingsD
. The site, iPhoneDevSDK, is regularly visited by mobile developers. Facebook is said
to have discovered that the site had malicious code inserted into its HTML, infecting Facebook workers as they visited it. It may or may not still be dangerous.
The Apple and Facebook attacks are known to be connected because Java and the same hackers were involved, but it's uncertain if any Apple workers picked up the malware from iPhoneDevSDK. Twitter has been guarded on how it was hit, but did advise people to disable Java in their web browsers, which may be a sign that the same exploit and possibly the same website were involved.
The Apple and Facebook hacks have been attributed to a Chinese group. If the iPhoneDevSDK connection is accurate, the hackers appear to have engaged in a "watering hole" attack, identifying a popular site and using it as a vehicle to distribute malware.