Modified MacDefender Skirts Security – Apple Responds

Earlier in the week, Apple unknowingly initiated a game of cat and mouse with the parties behind the malware MacDefender with the release of Security Update 2011-003. This update, designed to quarantine and remove the malware from affected machines, was met yesterday with a new variant of MacDefender capable of bypassing the update’s security measures entirely.

Debuting less than eight hours after the release of Apple’s update, the new version of MacDefender carries the name ‘Mdinstall.pkg’ and has been specifically designed to thwart Apple’s methods for detecting and removing the malware. Though the quick turnaround and re-release demonstrate that those behind MacDefender aren’t going down without a fight, Apple has thankfully built safeguards into its security update to protect against variations of the malware.

Included in Tuesday’s security patch were updates to XProtect.plist, a system file responsible for identifying malware and other suspicious applications. This file is capable of updating on a daily basis to protect against mutations of previously identified and blocked malware, such as the original version of MacDefender. In response to the threat posed by Mdinstall.pkg, Apple today updated the list to include an entry for OSX.MacDefender.C, effectively blocking the threat for users with the Security Update installed.

Apple clearly takes the rising threat of MacDefender and other Mac malware very seriously. Its quick response this morning indicates that the company plans to move swiftly and crush future iterations of the malicious software before they gain much traction. However, it is unfortunate that widespread malware has surfaced on OS X in the first place. The MacDefender saga has certainly ushered in a new era for Mac users. While there is a clear distinction between malware and viruses, and OS X still has no known viruses, the widespread damage caused by MacDefender proves the Mac is not invulnerable.

Security Update 2011-003 is compatible with Mac OS X v10.6.7 and available via Software Update or direct download here. It is highly recommended for all Mac users with compatible software.
