
Apple Updates XProtect Malware Definitions for Latest Imuler Variant

Posted on November 16th, 2012 by

Apple has released an update to its XProtect.plist definitions file to provide Mac OS X with basic detection for the latest variant of OSX/Imuler. Apple identifies this malware variant as OSX.Revir.iv.

Apple’s XProtect or “safe downloads list” feature has been a part of OS X since Snow Leopard; Intego explained back in 2009 what Snow Leopard’s anti-malware function did and did not do to protect your Mac.

Without any fanfare, in late September Apple began using these definitions to block certain known-vulnerable versions of the Flash Player and Java browser plugins as well.

It’s important to note that Apple’s list of vulnerable browser plug-ins is not comprehensive; only one specific version of Java (1.7.06.24) for which there was a zero-day attack is guarded against, and the minimum version of Flash Player (11.3.300.271) was released three months ago to patch another zero-day flaw. Meanwhile, Oracle and Adobe have patched numerous vulnerabilities that could just as easily be exploited; the current version of Java is 1.7.09.05, and Flash Player is now up to 11.5.502.110, both of which include security fixes.
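To make that gap concrete, the following added example (not from the original article or from Apple) models the two rule types described above, an exact-version block for Java and a minimum version for Flash Player, and classifies a constructed inventory of installed plug-in versions. The rule table and function names are hypothetical and do not reflect the actual XProtect.plist format; only the four rule and current-release version numbers come from the article.

```python
# Added illustration: a simplified model of the plug-in rules the article
# describes. RULES is a hypothetical structure, NOT the XProtect.plist format.

def parse(version):
    """'1.7.06.24' -> (1, 7, 6, 24), so fields compare numerically."""
    return tuple(int(part) for part in version.split("."))

# Version numbers below are the ones quoted in the article.
RULES = {
    "Java": {"blocked_exact": "1.7.06.24", "current": "1.7.09.05"},
    "Flash Player": {"minimum": "11.3.300.271", "current": "11.5.502.110"},
}

def classify(plugin, installed):
    """Return 'blocked', 'allowed-but-outdated' or 'current'."""
    rule = RULES[plugin]
    ver = parse(installed)
    # Exact-version rule: only that one build is stopped.
    if "blocked_exact" in rule and ver == parse(rule["blocked_exact"]):
        return "blocked"
    # Minimum-version rule: everything older than the floor is stopped.
    if "minimum" in rule and ver < parse(rule["minimum"]):
        return "blocked"
    # Passed the block list, but may still lack the vendor's latest fixes.
    if ver < parse(rule["current"]):
        return "allowed-but-outdated"
    return "current"

def audit(inventory):
    """Classify every (plugin, version) pair in an inventory."""
    return [(name, ver, classify(name, ver)) for name, ver in inventory]

# Constructed inventory; versions not quoted in the article are made up.
INVENTORY = [
    ("Java", "1.7.06.24"),           # the one blocked build
    ("Java", "1.7.05.00"),           # constructed: older, yet not blocked
    ("Java", "1.7.09.05"),
    ("Flash Player", "11.2.0.0"),    # constructed: below the minimum
    ("Flash Player", "11.3.300.271"),
    ("Flash Player", "11.5.502.110"),
]

if __name__ == "__main__":
    for name, ver, verdict in audit(INVENTORY):
        print(f"{name:13} {ver:14} {verdict}")
```

The "allowed-but-outdated" rows are the ones to act on: they pass the block list yet predate the vendor releases the article cites as containing security fixes.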

The OSX/Imuler malware specifically targets Mac-using Tibetans. Earlier this week Intego wrote about the new OSX/Imuler variant and what it does when it successfully infects a Mac.

While security updates from Apple are always welcome, it’s clear that Apple does not protect against every known threat and often doesn’t release updates in the most timely fashion. Days before Apple updated its definitions, Intego VirusBarrier had already begun detecting this threat as Trojan:OSX/Imuler.E.

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh's security research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's articles at security.thejoshmeister.com and follow him on Twitter.