In this case, the security company Websense has published details of a mass attack that added malicious references to LizaMoon.com to 280,000 sites, using this technique of mass SQL Injection.
The curious thing is that Apple's website has been affected again and appears among the compromised sites that distribute malware. It must be said that Apple is working fast and has cleaned its website of any reference to this site, although it is still possible to access the results through search engine caches and see how, on this occasion, the code was injected into the titles of the podcasts in iTunes.
In this case, it is unknown how many users fell for the deception or how many of the links were effective, since these podcasts are also read by RSS readers. The fact is that this is not the first time Apple has fallen victim to a massive SQL Injection attack scheme used to distribute malware. Already in August 2010 it fell victim to another massive attack through the iTunes website.
The forums were also hacked last year, and on Zone-h you can see a list of sites under Apple.com that were defaced. The truth is that the security of Apple's website leaves much to be desired. More than a month and a half ago, we reported some security flaws that we found on the Apple website, and after a quick response email we are still waiting to see if they fix them, so that we can tell you about them.
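As an added example (not from the original article or from Websense), the following Python code shows how a feed publisher or an RSS reader could flag item titles that carry an injected script reference, the pattern described above for the iTunes podcast titles. The sample feed, the script paths and the function names are constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not captured data). Title 2 carries an injected
# script reference; title 3 hides one behind double entity encoding.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Podcasts</title>
<item><title>Episode 1: Weekly news</title></item>
<item><title>Episode 2&lt;/title&gt;&lt;script src=http://lizamoon.com/placeholder.js&gt;&lt;/script&gt;</title></item>
<item><title>Episode 3 &amp;lt;SCRIPT SRC="//cdn.example.net/a.js"&amp;gt;</title></item>
</channel></rss>"""

# Matches <script ... src=URL>, quoted or unquoted, in any letter case.
SCRIPT_SRC = re.compile(r"<\s*script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def decode_fully(text, max_rounds=3):
    """Undo repeated HTML-entity encoding so double-encoded tags are seen."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_injected_titles(feed_xml, allowed_hosts=()):
    """Return (title, script_host) for titles that reference a script."""
    findings = []
    root = ET.fromstring(feed_xml)
    for title in root.iter("title"):
        text = decode_fully(title.text or "")
        for src in SCRIPT_SRC.findall(text):
            # Prefix scheme-less values so urlparse can extract a host.
            url = src if "//" in src else "//" + src
            host = (urlparse(url).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append((text, host))
    return findings

if __name__ == "__main__":
    for title, host in find_injected_titles(SAMPLE_FEED):
        print(f"suspicious title -> script from {host!r}: {title}")
```

A title field should never contain markup, so any hit is worth investigating; `allowed_hosts` exists only to suppress known-benign findings during triage.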
Finally, to prevent normal browsing on a web page from infecting you with malware, we give you the usual recommendations:
1) Keep all your system software up to date.
2) Have antimalware software installed with real-time protection.
3) Install an AntiXSS solution in the browser you use.
4) Browse the Internet with an unprivileged user.
5) Don't trust any automatic file downloads.
Source: Apple Security

