Second Mac OS X worm spreads via Bluetooth vulnerability

Sophos Press Release
A second worm has been written for Mac OS X. Image copyright (c) Sophos
A second worm has been written for Mac OS X.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have issued protection against a second worm for Mac OS X. The OSX/Inqtana-A worm spreads between Apple Macintosh computers via a Bluetooth vulnerability. The new worm has appeared within days of the discovery of the first ever real virus for Mac OS X.

The Inqtana worm exploits a vulnerability (known as CAN-2005-1333) to spread itself to other vulnerable Mac OS X computers. However, Apple released a patch against the vulnerability in mid 2005, meaning the worm is highly unlikely to spread successfully.

Users of Mac OS X are advised to keep their software updated against the latest security vulnerabilities in Apple's code.

"It's disturbing to see a second worm for Mac OS X so soon after the first, but it should be remembered that this is only two compared to well over 100,000 viruses for Microsoft operating systems," said Graham Cluley, senior technology consultant for Sophos. "The good news is that Inqtana is not going to spread successfully in the wild, but this announcement will still be a shock to those in the Mac community who thought hackers were not interested in their operating system."

Sophos customers have been automatically protected against the worm since 01:15 GMT, 18 February 2006.

A report issued by Sophos yesterday revealed that 79% of people believed that Apple Macintoshes would be targeted more in future, following the discovery of the first Mac OS X worm.

"This means two real viruses have emerged for the Mac OS X platform in less than a week," continued Cluley. "The question on everyone's lips is - when will we see the next one, and will it have a more malicious payload? Apple Mac users need to be just as careful about protecting their computers with anti-virus software, firewalls and security patches as their friends and colleagues using Windows."

Sophos advises all computer users, whether running PCs or Macs, to practise safe computing and keep their anti-virus software updated.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at