New MacDefender Bypassed Apple Security Update 2011-003

On May 31st, Apple pushed Security Update 2011-003 to get rid of the MacDefender malware that has been an annoyance for nearly a month. The update, available for both Mac OS X 10.6.7 and Mac OS X Server 10.6.7, included a malware removal tool that searches for and removes "known variants of the MacDefender malware."

But mere hours after the release of the update, cybercriminals "released a new variant of the malware that easily defeated Apple's belated security efforts," reports Yahoo News.

Ed Bott found a MacDefender variant capable of bypassing Apple's defenses. The malware, called Mdinstall.pkg, is "specifically formulated to skate past Apple's malware-blocking code," Bott wrote.

Bott tested Mdinstall.pkg on a Mac running Safari, and the malware installed itself without a password.

Apple's new malware removal tool does allow for periodic updating of "definitions," malware profiles that let the software identify individual Trojans and viruses. That's exactly how commercial anti-virus software for Windows-based PCs works, and one would expect Apple to update the definitions to include this new variant very soon.

It's not clear how Apple will keep ahead in what may become a drawn-out game of digital whack-a-mole. Hopefully the new definitions will be incorporated into the malware removal tool without requiring that a Mac reboot itself.

[Source: Ed Bott, Via: Yahoo News]