Faced with the embarrassment of an aggressive scareware (fake antivirus) campaign against Mac users, Apple today shipped a definition update to its File Quarantine feature to block the MacDefender threat.
Today's Security Update 2011-003 follows scathing criticism of the company's response to the threat and provides further confirmation that there is a clear and present malware threat to the Mac OS X ecosystem.
The File Quarantine update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.
An advisory from Apple identifies the threat as OSX.MacDefender.A.
The File Quarantine feature has also been beefed up to automatically check for known malware definitions and apply these updates when necessarily.
"The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences," Apple explained.
For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.
The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.
The MacDefender scam has used social engineering lures associated with Bin Laden's death to spread. There are multiple variants in circulation, according to anti-malware experts tracking the threat.