Apple updates OS X malware shield

Posted by Aharon Etengoff

Apple has updated its OS X malware shield to protect against a backdoor Trojan horse that could theoretically allow hackers to gain control over an iMac, MacBook, or Mac Mini.

The anti-malware update - which was part of Apple's recently released 10.6.4 operating system build - was reportedly omitted from all upgrade release notes and accompanying security bulletins.

"Apple...updated XProtect.plist - the rudimentary file that contains elementary signatures of a handful of Mac threats - to detect what they call HellRTS," confirmed Sophos security expert Graham Cluley.

"HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers. If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more."

Cluley also criticized Apple for issuing its anti-malware update "by stealth," rather than informing the public of a critical security threat.

"You have to wonder whether [they are] keeping quiet about an anti-malware security update like this for marketing reasons.

"It seems their own employees can be amongst the worst offenders when it comes to giving users security advice. Just a few days ago I saw a former colleague of mine tweet about the poor advice about malware protection being offered in Apple retail stores."