Apple + Security & Privacy

Apple Updates XProtect Malware Definitions for Latest Imuler Variant

Posted on November 16th, 2012 by

Apple has released an update to its XProtect.plist definitions file to provide Mac OS X with basic detection for the latest variant of OSX/Imuler. Apple identifies this malware variant as OSX.Revir.iv.

Apple's XProtect or "safe downloads list" feature has been a part of OS X since Snow Leopard; Intego explained back in 2009 what Snow Leopard's anti-malware function did and did not do to protect your Mac.

Without any fanfare, in late September Apple began using these definitions to block certain known-vulnerable versions of the Flash Player and Java browser plugins as well.

It's important to note that Apple's list of vulnerable browser plug-ins is not comprehensive; only one specific version of Java ( for which there was a zero-day attack is guarded against, and the minimum version of Flash Player (11.3.300.271) was released three months ago to patch another zero-day flaw. Meanwhile, Oracle and Adobe have patched numerous vulnerabilities that could just as easily be exploited; the current version of Java is, and Flash Player is now up to 11.5.502.110, both of which include security fixes.

The OSX/Imuler malware specifically targets Mac-using Tibetans. Earlier this week Intego wrote about the new OSX/Imuler variant and what it does when it successfully infects a Mac.

While security updates from Apple are always welcome, it's clear that Apple does not protect against every known threat and often doesn't release updates in the most timely fashion. Days before Apple updated its definitions, Intego VirusBarrier already began detecting this threat as Trojan:OSX/Imuler.E.

About Joshua Long

Joshua Long (@theJoshMeister) is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Business Administration and Computer and Information Security. His research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's security articles at and follow him on Twitter and Google+. View all posts by Joshua Long →
  • Al Varnell

    > it’s clear that Apple does not protect against every known threat

    Maybe it’s just me, but I define a threat as something that is actually found in the wild that will impact OS X as opposed to a vulnerability which could be exploited by a threat. As far as I know there are no known threats from Flash or Java vulnerabilities, nor any other currently active malware to a fully up-to-date OS 10.6.8 or above. What other known threats are you aware of that are actually out there now?

    • LysaMyers

      Imuler is in fact infecting real people’s machines, so it is in the wild.

      • Al Varnell

        The Apple XProtect system contains signatures for all four known Imuler/Revir variants and should adequately protect up-to-date users of Snow Leopard and above.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}