Apple has released an update to its XProtect.plist definitions file to provide Mac OS X with basic detection for the latest variant of OSX/Imuler. Apple identifies this malware variant as OSX.Revir.iv.
Apple’s XProtect or “safe downloads list” feature has been a part of OS X since Snow Leopard; Intego explained back in 2009 what Snow Leopard’s anti-malware function did and did not do to protect your Mac.
Without any fanfare, in late September Apple began using these definitions to block certain known-vulnerable versions of the Flash Player and Java browser plugins as well.
It’s important to note that Apple’s list of vulnerable browser plug-ins is not comprehensive; only one specific version of Java (1.7.06.24) for which there was a zero-day attack is guarded against, and the minimum version of Flash Player (11.3.300.271) was released three months ago to patch another zero-day flaw. Meanwhile, Oracle and Adobe have patched numerous vulnerabilities that could just as easily be exploited; the current version of Java is 1.7.09.05, and Flash Player is now up to 11.5.502.110, both of which include security fixes.
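The gap described above, as an added example (not Apple's or Intego's code): a minimum-version rule and an exact-version rule are applied to installed plug-in versions, and anything that passes is then compared with the vendor's current release. The plist layout and key names are constructed for illustration and are not Apple's XProtect schema; the policy versions are the ones quoted above, and the other installed versions are constructed sample inputs.

```python
import plistlib

# Constructed policy. Layout and key names are illustrative, not Apple's schema.
SAMPLE_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>FlashPlayer</key><dict>
    <key>MinimumVersion</key><string>11.3.300.271</string>
    <key>CurrentVersion</key><string>11.5.502.110</string>
  </dict>
  <key>Java</key><dict>
    <key>BlockedVersions</key><array><string>1.7.06.24</string></array>
    <key>CurrentVersion</key><string>1.7.09.05</string>
  </dict>
</dict></plist>"""

POLICY = plistlib.loads(SAMPLE_POLICY)


def vkey(version):
    """'1.7.06.24' -> (1, 7, 6, 24), so fields compare as numbers, not text."""
    return tuple(int(part) for part in version.split("."))


def classify(plugin, installed, policy=POLICY):
    """Return 'blocked', 'allowed-but-outdated' or 'current' for a plug-in version."""
    rule = policy[plugin]
    v = vkey(installed)
    below_minimum = "MinimumVersion" in rule and v < vkey(rule["MinimumVersion"])
    exact_match = v in {vkey(b) for b in rule.get("BlockedVersions", [])}
    if below_minimum or exact_match:
        return "blocked"
    # Passing the block list says nothing about later security fixes.
    if v < vkey(rule["CurrentVersion"]):
        return "allowed-but-outdated"
    return "current"


if __name__ == "__main__":
    samples = [  # installed versions; those not quoted in the article are constructed
        ("FlashPlayer", "11.2.202.235"),
        ("FlashPlayer", "11.3.300.271"),
        ("FlashPlayer", "11.5.502.110"),
        ("Java", "1.7.06.23"),
        ("Java", "1.7.06.24"),
        ("Java", "1.7.09.05"),
    ]
    for plugin, installed in samples:
        print(f"{plugin:12} {installed:14} {classify(plugin, installed)}")
```

A Flash Player at exactly the minimum version and a Java build one step below the single blocked version both come back as allowed-but-outdated, which is the coverage gap the paragraph describes.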
The OSX/Imuler malware specifically targets Mac-using Tibetans. Earlier this week Intego wrote about the new OSX/Imuler variant and what it does when it successfully infects a Mac.
While security updates from Apple are always welcome, it’s clear that Apple does not protect against every known threat and often doesn’t release updates in the most timely fashion. Days before Apple updated its definitions, Intego VirusBarrier had already begun detecting this threat as Trojan:OSX/Imuler.E.