Apple says no data appears to have been stolen, and the Cupertino, Calif.-based company is working with police to track down the hackers.
It told Reuters that only a small number of its employee's Mac computers were infiltrated by the malware, which is designed to attack Mac computers. It add there was no evidence that any data had been stolen.
Apple's statement, via AllThingsD:
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network."
The company is effectively blaming malware that was written in Java, a popular programming language overseen by Oracle, that is known to have many security flaws. A similar Java script malware also infiltrated the computers of several Facebook staffers last month, after they visited an infected mobile development site. Facebook admitted to the breach in a blog post last Friday, also saying that no user data was compromised.
Though Apple said the malware had been used against "other companies," Reuters cites a person briefed on the investigation as saying that the same malicious software has infected hundreds of companies, including defence contractors.
Apple said it would release a software tool later today to protect customers against the same malware that was used in the attacks on its staffers' computers. "To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found."
The news underlines how hackers can breach the systems of even the most tightly-guarded and secretive technology companies. Recent attacks that have hit Apple, Facebook and other high-profile companies often bear similar hallmarks of infiltrating a system via employee computers, and with a straightforward spear-phishing campaign.
More troublingly for Apple, the attack also highlights a growing number of attacks on Mac computers, which are widely thought of as safer from software viruses than Windows-based PCs. The unnamed source cited by Reuters added that this was the "first really big attack on Macs" and that Apple had "more on its hands than the attack itself."
Criminal hackers are spending more time investigating security flaws in Mac computers, Reuters reports, as Apple gains further market share in desktop computers from PC makers like Dell, HP and Lenovo.
As yet there is no clear sign that the attacks are linked to a wider, Chinese-led cyber espionage campaign against the U.S. government.
Follow me on Twitter: @Parmy
- Technology & Electronics
- Mac computers