Recently, it was announced that such well-known names in the tech industry such as Facebook, Twitter, Microsoft, and Apple had all been affected by a watering hole attack. Employees at all of these affected firms had visited a popular iOS developer forum, which was compromised to serve a then-unknown Java exploit to its users.
Unsurprisingly, Java has received the brunt of the blame for this incident. One headline story from The Verge even called for Java to “go away“. Similar thoughts have passed through the minds of many security experts, whether they said so in the open or not.
However… Java was not the only problem here. All of the affected systems were Macs (a natural consequence of targeting an iOS developer forum). All of the focus has been how the attack arrived (Java), and not the target (Macs).