Security Update 2011-003 for Snow Leopard released - addresses MAC Defender

Apple has released an important security update for users of Mac OS X Snow Leopard. The update, which requires Mac OS X 10.6.7, removes known variants of the recent MAC Defender malware, which began surfacing at the beginning of May. The update also enables the operating system to refresh its internal list of known malware daily via a new background process. The new option to control daily updates is available as shown in the above screenshot.

The update comes a week after Apple officially acknowledged the issue in a support knowledgebase article. The changes in this update are listed in the following KB article posted by Apple:

File Quarantine
Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
Impact: Definition added
Description: The OSX.MacDefender.A definition has been added to the malware check within File Quarantine.

File Quarantine
Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
Impact: Automatically update the known malware definitions
Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences.

Malware removal
Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
Impact: Remove the MacDefender malware if detected
Description: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The move to enable a new updating mechanism ahead of the next scheduled update for Mac OS X, 10.6.8, may be seen as a response to the growing number of MAC Defender variants and spinoffs. Shortly before the publication of the MAC Defender KB article last week, a new variant under the name "MacGuard" appeared. Unlike MAC Defender, MacGuard does not require users to supply administrator credentials for installation.

Users may download the update via this link.

Image Credit: Apple

21 Comments

Wasn't this fix pretty much made pointless as the creator of MacDefender has rewritten it to not be caught now? Pretty much a cat and mouse game just as it is with Windows machines... But I've also never seen the cure-all quick fix program to remove everything yet!

Great update. I wanted an update that overhauls our general security, not just something about MAC Defender specifically. This does the job perfectly.

PyX said,
Great update. I wanted an update that overhauls our general security, not just something about MAC Defender specifically. This does the job perfectly.

How exactly is one option overhauling the general security?

PyX said,
Great update. I wanted an update that overhauls our general security, not just something about MAC Defender specifically. This does the job perfectly.
Just hope you're not the first buddy!

PyX said,
I wanted an update that overhauls our general security ... This does the job perfectly.
Not exactly. This only helps OS X do a better job of catching known malicious files; new variants that don't match the definitions will slip right through just like they did before this update.

This update is no substitute for a full antivirus product. An antivirus makes use of heuristic and behaviour analysis to help identify unknown threats rather than relying solely on definitions.

PyX said,
Great update. I wanted an update that overhauls our general security, not just something about MAC Defender specifically. This does the job perfectly.

But all this could have been avoided had Apple not enabled files to be opened automatically when downloaded with Safari. Such an obvious security hole shouldn't have been in the system in the first place IMHO. With that being said, I'm a happy Mac user that they've provided a decent solution for the long term rather than the ad hoc way they addressed malware in the past.

Arkose said,
This update is no substitute for a full antivirus product. An antivirus makes use of heuristic and behaviour analysis to help identify unknown threats rather than relying solely on definitions.

Yet most anti-virus software out today on Windows isn't capable of detecting these fake counterparts either...

Arkose said,
Not exactly. This only helps OS X do a better job of catching known malicious files; new variants that don't match the definitions will slip right through just like they did before this update.

This update is no substitute for a full antivirus product. An antivirus makes use of heuristic and behaviour analysis to help identify unknown threats rather than relying solely on definitions.

You are kidding, right? I'd bet a lot of those infected didn't have that option enabled and simply clicked "open" on the warning Mac OS gives you every time you open a downloaded application.

DomZ said,

You are kidding, right? I'd bet a lot of those infected didn't have that option enabled and simply clicked "open" on the warning Mac OS gives you every time you open a downloaded application.

Sorry I was meant to quote mr nom nom

DomZ said,
You are kidding, right? I'd bet a lot of those infected didn't have that option enabled and simply clicked "open" on the warning Mac OS gives you every time you open a downloaded application.

Very doubtful given that I've had images downloaded, opened and the installer itself automatically launched. Were there some clueless people? Sure there were, but I doubt it was in the volumes where even 90% of infections were caused due solely to being clueless. Btw, this malware differs from previous ones given that previous malware was only present in pirated software off torrent and file sharing sites, whereas this malware was available for the general public.

Btw, if you're going to be arrogant in your post you might actually want to learn how to use the forum and secondly that after you post you actually make sure that you quoted the correct post instead of firing off a reply then disappearing afterwards - it's called proofreading, do it some time.

Wonder if Apple will continue this response with the newest Mac defender that doesn't require a user to enter the admin password.

Tim Dawg said,
Wonder if Apple will continue this response with the newest Mac defender that doesn't require a user to enter the admin password.

The safe downloads list (malware list) will auto-update daily from now on instead of waiting on Software Updates. So yes.

Edited by Damian, May 31 2011, 11:12pm :