iOS Developer Site At Core of Facebook, Apple Watering Hole Attack

msm1267 writes "The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers' forum called iphonedevsdk which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond the big three. It's not clear whether the site remains infected, but researcher Eric Romang dug into the situation and determined that the site was hosting malicious JavaScript that was redirecting visitors to another site, min.liveanalytics. That site had been hosting malware as of Jan. 15."

Obligatory

[bigredradio]

Where's your God now?

Re:Obligatory

[gstoddart]

Where's your God now?

Smoking bong hits, laughing hysterically, and trying to figure out how else to fuck with us. ;-)

Re:Obligatory

[crutchy]

Where's your God now?

he died in october 2011... duh!

what rock have you been living under?

Re:Obligatory

Don't think of it as an asteroid impact, think of it as a polite inquiry into the progress of your space program.

Mac Users Do a Software Update

[BasilBrush]

The fix to patch the vulnerability and remove the malware if it's there is available today. Mac users should do a software update.

Re:Mac Users Do a Software Update

Any user with Java on their system, regardless of OS, should do an update (or disable Java...).

Re:Mac Users Do a Software Update

[_xeno_]

The fix to patch the vulnerability and remove the malware if it's there is available today.

The keyword there is "today." The actual Java patch was available earlier, it's just Apple only bothered patching their version of Java until - well, after they got bitten by the vulnerability, apparently. Apple had been content to just say "applets are no longer supported" and leave it at that.

Most comments below...

[coinreturn]

will be nothing but hate.

malware

[Mr.123]

The site in question has been hosting malware on and off for over a year now. They were flagged at least half a dozen times by google over the past year for hosting malware. The site then went down for weeks while overhauling the entire forum software and then bam, this happens. Unfortunately some very good discussions happen on the site and I just can't quit using it.

Okay.... this is a new one.

[mark-t]

What the heck is a "watering hole attack"?

Re:Okay.... this is a new one.

[ThisIsSaei]

It's where you target a page used by multiple targets. Here a mobile developers forum was hit, that forum was not the real target but the people who use it frquently were. "Poisoning the watering hole" if you will.

Re:Okay.... this is a new one.

What the heck is a "watering hole attack"?

It's where troopers metaphorically attack a swagman by a billabong (the 'watering hole') causing him to leap to his death and subsequently haunt the area. I won't go into detail on how this applies in relation to computer security, but I'm sure you get the gist of it.

Re:Okay.... this is a new one.

[rb12345]

Traditionally, you had "spear phishing" attacks which had attackers sending malware or phishing emails directly to their targets. This is relatively easy to spot and filter. The "watering hole" attacks work by compromising a trusted third-party site used by the targets. For example, if your attacker know you read Slashdot or use some specialised forum site, they could attempt to compromise those sites and use them to host exploits as part of the normal pages (infected banner ads or modified page content).

Time to learn.

[ThisIsSaei]

This is a good reminder that with web-security you're only as secure as the weakest link. A new exploit pushed from a popular dev site on a trusted platform like Java is going to hit you hard and you can't avoid it directly. The real story here is how quickly / properly people responded, and how well defensive infastructure and policy stopped the intrusion. There's months and months of good security analytical reading right here. We can also compare company to company as it hit more than one.

Re:without clicking on the link

[houstonbofh]

If you block *.com you should get a lot of it.

Re:LOL

[kthreadd]

Since the exploit was in Oracle Java I would blame Java, not the operating system which dutifully let the program run. What do you suggest that Apple should do to tidy up the security in OS X? Make it run only Apple approved binaries?

Re:LOL

[NatasRevol]

Not for the last two years. They passed it back to Oracle after Oracle bought Sun.

Re:LOL

Of course this does not apply to Windows where hacks via flash, java, quicktime, etc are definitely the fault of the Windows OS, probably Bill Gates in particular, as he's the devil. That's always been the consensus on slashdot.

Re:LOL

Since the exploit was in Oracle Java I would blame Java, not the operating system which dutifully let the program run.

Well that counts out just about every Windows exploit from being Microsoft's fault then, after all Windows was just dutifully letting the program run. Do you know nothing about security? If you can exploit a user level application to compromise the system then it is the system's fault.

Re:LOL

[_xeno_]

Not exactly.

They stopped supporting future versions of Java - namely, Java 7. They still support Java 6.

In theory, by now, Java 6 support should have been dropped and Java 6 should no longer be updated at all. However, due to problems with Java 7, and compatibility issues between Apple Java and Oracle Java on Mac OS X, Java 6 lives on and is still being updated.

The Apple update to Java 6 was delivered through Software Update by Apple as an OS update. Java 6 is still done by Apple. At some point, Apple will drop support for Java entirely and the only way to run Java on Mac OS X will be to install it from Oracle.

In fact, this should have happened already. But it hasn't, yet. The next version of Mac OS X will presumably drop support for Apple's Java entirely, but as of today, it still lives on, and patches for it still come from Apple.