Apple fesses up to MacDefender malware; ships removal tool

Faced with the embarrassment of an aggressive scareware (fake antivirus) campaign against Mac users, Apple today shipped a definition update to its File Quarantine feature to block the MacDefender threat.

Today's Security Update 2011-003 follows scathing criticism of the company's response to the threat and provides further confirmation that there is a clear and present malware threat to the Mac OS X ecosystem.

The File Quarantine update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.

An advisory from Apple identifies the threat as OSX.MacDefender.A.

The File Quarantine feature has also been beefed up to automatically check for updated malware definitions and apply them when necessary.

"The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the 'Automatically update safe downloads list' checkbox in Security Preferences," Apple explained.

For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.

The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The MacDefender scam has used social engineering lures associated with Bin Laden's death to spread. There are multiple variants in circulation, according to anti-malware experts tracking the threat.
