Apple adds stealth patch to fix Trojan vulnerability

Powered by SC Magazine
 

Fix for Trojan not mentioned in release notes.

Analysts at Sophos say that they have discovered a stealth patch to Apple's anti-malware software that has not been mentioned in the security notes accompanying its release this week.

After analysing the patch the researchers found an update to the XProtect.plist file in OSX, which includes malware signatures, which will block the HellRTS trojan first seen in the wild in April. The Trojan masquerades as iPhoto but gives an attacker control the infected system, allowing it to be used to send spam and take part in distributed denial of service attacks.

“Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done," blogged Graham Cluley, senior technology consultant at Sophos.

“You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. "Shh! Don't tell folks that we have to protect against malware on Mac OS X!"

Compared to the PC platform the amount of malware for Apple systems is tiny at present, but experts are warning that Apple users are complacent about security and that seems to be reflected in the advice staff are giving customers at Apple stores.

“Overheard in Apple store: “Macs never get viruses, it's impossible, don't even worry about it.” Mmmm unwise.” tweeted Ian Whalley, former Sophos employee.

Copyright ©v3.co.uk


Apple adds stealth patch to fix Trojan vulnerability
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 803

Vote