Sophos: Apple Users Don’t Take Security Seriously

Apple has quietly slipped an update to the anti-malware security protections in its Mac OS X operating system.

Earlier this week, Apple released Mac OS X 10.6.4 – the latest edition of Snow Leopard – with fixes for more than two dozen security holes. In that release, Apple added a malware signature for a Trojan known as HellRTS to the XProtect.plist file in the Mac.

iPhoto Malware

XProtect was added to the operating system last year. At the time, however, Apple only included detection for two known Mac Trojans. According to Sophos Senior Technology Consultant Graham Cluley, the recent update adds protection for a Trojan that has been distributed by attackers under the guise of iPhoto, the photo application that ships on Mac computers.

“If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more,” he blogged.

Mac Owners Don’t Take Security Seriously

“Unfortunately, many Mac users seem oblivious to security threats which can run on their computers…There’s a lot less malicious software for Mac computers than Windows PCs, of course, but the fact that so many Mac owners don’t take security seriously enough, and haven’t bothered installing an antivirus, might mean they are a soft target for hackers in the future,” Cluley added.

The Mac update that included the additional protection for XProtect also shipped with a vulnerable version of Adobe Flash Player (10.0.45.2). Adobe Systems is advising Mac users who downloaded the update to visit their site and download the latest version of Flash, 10.1.53.64. Those who already have the most current version of Flash installed do not appear to be downgraded by the Apple update, noted Wendy Poland, security response program manager at Adobe.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago