
Apple Updates XProtect Definitions for XcodeGhost Malware

Posted on September 24th, 2015 by

Apple has updated its XProtect.plist definitions file to version 2068, providing OS X with basic detection for the XcodeGhost malware and a new version of Genieo. This update detects two new variants of malware: OSX.XcodeGhost.A and OSX.Genieo.D.

The XcodeGhost malware is a fake version of Apple's Xcode developer tool, which enabled hackers to put malicious code into apps available on the App Store.

OSX.XcodeGhost.A XProtect malware definition

Apple also added a new entry to XProtect for OSX.Genieo.D, blocking the new variant of a problematic adware installer. Genieo is a troubling installer package that surreptitiously delivers sketchy adware to people trying to install popular applications.

OSX.Genieo.D XProtect malware definition

Apple's XProtect — its "safe downloads list" feature — has been part of OS X since Snow Leopard; in 2009, Intego described what this anti-malware function does to protect your Mac (and how it lacks protection). XProtect is the same function Apple uses to block out-of-date plug-ins for Flash Player and Java, both of which are often targeted by malicious folks looking to exploit vulnerabilities.

Security updates from Apple are always welcome; however, XProtect only offers rudimentary protection against specific Mac threats. It does not offer live malware scanning, nor does it protect against Windows threats or phishing attacks, and it lacks the layered protection that full-featured Mac anti-virus software can provide.
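To confirm that a Mac has actually picked up this update, the following added example (not from the original post or from Apple) reads the definitions version and checks that both new definition names are present. The file paths, the `Version` key in XProtect.meta.plist and the per-entry `Description` key are assumptions about the OS X layout of that era; the sample plists are constructed.

```python
import plistlib

# Assumed OS X locations of the XProtect files (not given in the article).
BASE = "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/"
DEFS_PATH = BASE + "XProtect.plist"
META_PATH = BASE + "XProtect.meta.plist"

REQUIRED_VERSION = 2068                                # version named in the article
REQUIRED_DEFS = {"OSX.XcodeGhost.A", "OSX.Genieo.D"}   # names from the article


def check_xprotect(defs_bytes, meta_bytes,
                   min_version=REQUIRED_VERSION, required=REQUIRED_DEFS):
    """Return (version, missing_names, ok) for a pair of XProtect plists."""
    meta = plistlib.loads(meta_bytes)          # handles XML and binary plists
    # Assumption: the meta plist is a dict carrying an integer "Version".
    version = meta.get("Version") if isinstance(meta, dict) else None
    entries = plistlib.loads(defs_bytes)
    present = set()
    # Assumption: the definitions file is an array of dicts, each with a
    # "Description" string holding the threat name. Skip malformed entries.
    if isinstance(entries, list):
        for entry in entries:
            if isinstance(entry, dict) and isinstance(entry.get("Description"), str):
                present.add(entry["Description"])
    missing = sorted(set(required) - present)
    ok = isinstance(version, int) and version >= min_version and not missing
    return version, missing, ok


def sample(version, names):
    """Build constructed stand-ins for the two plists (not real Apple data)."""
    defs = [{"Description": name, "Matches": []} for name in names]
    return plistlib.dumps(defs), plistlib.dumps({"Version": version})


if __name__ == "__main__":
    try:
        with open(DEFS_PATH, "rb") as d, open(META_PATH, "rb") as m:
            result = check_xprotect(d.read(), m.read())
    except OSError:
        # Files not present (not OS X, or a different layout): use the
        # constructed sample of an out-of-date machine instead.
        result = check_xprotect(*sample(2067, ["OSX.Example.A"]))
    print("version=%s missing=%s up_to_date=%s" % result)
```

A version at or above 2068 with a non-empty `missing` list points to a damaged or replaced definitions file rather than a pending update.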

  • ForeverFeminist

    I’m a little confused. I’m using Intego Virus Barrier X6 on my iMac, which is running 10.8.5. Is MacInternet Security X8 a supplement to that version?
