iPhoneDevSDK responds to attack

Yesterday, Apple disclosed it had been targeted by a malware attack. Apparently, related to a recent Facebook breach, Apple issued a statement regarding the situation:

"The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware."

By the end of the day, Apple had released a security update addressing the breach.

An AllThingsD write-up discovered the software developer website in question. It turned out to be the iPhoneDevSDK community. Today, iPhoneDevSDK responded:

"What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers...We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013."

The site, which only became aware of the situation after seeing the AllThingsD post, is now working with Facebook, the Vanilla forums host and law enforcement.