Apple Silently Updates Mac OS With Malware Protection
Researchers at Sophos Labs, which first detected Apple's silent upgrade, said that Apple updated its XProtect.plist, a file that contains basic signatures for various Mac threats, specifically to detect a malicious Trojan the company calls HellRTS.
However, Graham Cluley, Sophos senior technology consultant, said in a blog post Friday that Apple failed to mention the update in its release notes for the new OS X 10.6.4, or in the related security bulletin, which could ultimately serve to mislead and harm Mac users down the road.
"There's a lot less malicious software for Mac computers than Windows PCs, of course, but the fact that so many Mac owners don't take security seriously enough, and haven't bothered installing an anti-virus, might mean they are a soft target for hackers in the future," Cluley said in the blog post. "And I'm afraid that although I welcome Apple doing something to reduce the malware problem on Mac OS X, I don't consider it a replacement for real anti-virus software."
Hackers have distributed the malicious HellRTS Trojan, which masquerades as the iPhoto application embedded in Mac computers.
The Trojan behaves like any other Trojan written for Windows. Once victims open a malicious "iPhoto" file and become infected, hackers have the ability to take control of the user's computer remotely to steal sensitive data, as well as send spam, take screenshots, obtain the user's login and password credentials or access other files.
However, the Apple update for HellRTS more than doubles the size of the XProtect.plist file from 2.4k to 5.1k. What's more, there's still a lot of Mac malware that won't be detected by the update, Cluley said.
All in all, while it is good that Apple is attempting to protect its users, Cluley said that the company was doing them a disservice by suppressing the fact that malware protection was added to the update, and further perpetuating the myth that Macs are impervious to viruses and other security threats.
"Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done," he said. "You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. 'Shh! Don't tell folks that we have to protect against malware on Mac OS X!'"