James Delahunty
16 Feb 2013 20:23
Social Network giant Facebook has revealed that it was a target in a sophisticated attack using a zero-day exploit that delivered malware to employee's computers.
The social network discovered the problem last month, which had been started when Facebook employees visited a compromised mobile developer website, specially crafted to exploit a previously unknown vulnerability in Oracle's Java browser products.
Facebook made the discovery when a suspicious domain showed up in the corporate DNS logs and was traced back to an employee's laptop. Further investigation found several other compromised devices. When it discovered the source of the problem, Facebook alerted Oracle, which already issued a security update for affected Java products.
The social network made the information public on Friday, and assured users that there is absolutely no evidence that Facebook user data was compromised.
It also said it was not the only firm targeted with this attack by an unknown group, and said it is committed to sharing information about security threats with other major websites, law enforcement and so on.