New Mac Defender Variant Bypasses Apple’s Security Update

Last night, we reported that Apple issued a Security Update for Snow Leopard users to update the OS X malware definitions, enhance File Quarantine’s functionality and, more importantly, automatically find and remove known variants of the Mac Defender malware that has been spreading among Mac users in the past month. By enabling OS X to update definitions daily in the background with a new daemon, Apple is taking the necessary measures to make sure new versions of Mac Defender and, more broadly, future malware targeting Macs can be removed safely and quickly within a few hours or days of being discovered. As reported by Ed Bott at ZDNet, a new variant of Mac Defender with a new installer package has already been released, and it is capable of circumventing Apple’s new security update and working exactly as Mac Defender and Mac Guard did until yesterday.

The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

Bott suggests this “cat and mouse” game is just the beginning, and Apple will have to begin addressing new variants that are discovered every day. The system put in place by Apple to provide updated definitions for easy removal of malware should allow users to prevent computer infections by automatically finding suspicious packages downloaded from the Internet. [via MacRumors]
