Apple secretly updates Mac malware protection, Sophos reveals

Sophos Press Release

Mac OS X 10.6.4 includes limited protection against Pinhead-B Trojan

Researchers at IT security and data protection firm Sophos have discovered that Apple secretly updated the anti-malware protection built into Mac OS X when it released a new version earlier this week.

Although not documented by Apple, Mac OS X 10.6.4 has been updated to provide limited protection against OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan which can allow remote hackers to gain control over Mac computers for the purposes of identity theft, spying and the distribution of spam.

Sophos has been detecting OSX/Pinhead-B since April, when the malware was distributed disguised as the popular iPhoto application by malicious hackers.

"It's good that Apple has updated its Mac OS X malware protection, as this Trojan can give hackers the green light to send spam email from your computer, take screenshots of what you are doing, access your files and clipboard and much much more," said Graham Cluley, senior technology consultant at Sophos. "But what's curious to me is why Apple didn't announce they were making this update in the release notes or security advisory that came with Mac OS X 10.6.4. It's almost as if they don't want to acknowledge that there could be a malware threat on Mac OS X."

Sophos researchers discovered that Apple updated a file called XProtect.plist, the rudimentary file that contains elementary signatures for a handful of Mac threats, to detect "HellRTS".
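As an added example (not code from Sophos or Apple), the check below diffs two versions of a signature table in the style of XProtect.plist and reports which threat names were added, removed or altered, so that an undocumented update like the one described above becomes visible. The plist layout, the threat names in the sample and the placeholder patterns are all assumptions made for this example.

```python
import plistlib

# Constructed sample signature tables, serialised with plistlib so the parser
# below sees genuine plist bytes. The layout (an array of signature dicts with
# a "Description" name and a "Matches" list of rules carrying a "Pattern") is
# an assumption made for this example; the patterns are placeholders, not
# real signatures.
def _entry(name, *patterns):
    return {"Description": name,
            "Matches": [{"MatchType": "Match", "Pattern": p} for p in patterns]}

XPROTECT_OLD = plistlib.dumps([_entry("OSX.RSPlug.A", "PLACEHOLDER-1")])
XPROTECT_NEW = plistlib.dumps([_entry("OSX.RSPlug.A", "PLACEHOLDER-1"),
                               _entry("OSX.HellRTS", "PLACEHOLDER-2", "PLACEHOLDER-3")])

def signature_index(plist_bytes):
    """Map each signature's Description to the sorted tuple of patterns it matches on."""
    index = {}
    for entry in plistlib.loads(plist_bytes):
        rules = entry.get("Matches", [])
        index[entry.get("Description", "<unnamed>")] = tuple(
            sorted(str(r.get("Pattern", "")) for r in rules))
    return index

def diff_signatures(old_bytes, new_bytes):
    """Return (added, removed, changed) signature names between two versions."""
    old, new = signature_index(old_bytes), signature_index(new_bytes)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    return added, removed, changed

if __name__ == "__main__":
    # On a real system, compare a saved copy of XProtect.plist against the
    # current file, reading each with open(path, "rb").read().
    added, removed, changed = diff_signatures(XPROTECT_OLD, XPROTECT_NEW)
    print("added:", added)      # ['OSX.HellRTS']
    print("removed:", removed)  # []
    print("changed:", changed)  # []
```

Keeping a dated copy of the file after each OS update and running this diff is enough to notice a signature that arrived without a release note.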

"It's true to say that there are far far fewer malware threats for Mac than there are for Windows - but that doesn't mean the problem is non-existent. Unfortunately, many Mac users seem oblivious to security threats which can run on their computers, even though Apple has now built-in some elementary protection," continued Cluley. "This lack of awareness isn't helped when Apple issues an anti-malware security update by stealth, rather than informing the public what it has done. You have to wonder whether marketing motives are at play behind such decisions."

Sophos experts warn that many Mac users have not bothered to install anti-virus software, meaning they could be a soft target for hackers in the future.

More information about Apple's anti-malware update can be found on Graham Cluley's blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at