Apple Updates Mac OS X with MacDefender Patch

| News

Apple released Security Update 2011-003 for Mac OS X Tuesday, an update designed to defend Mac users from the MacDefender malware currently circulating on the Internet. The patch adds Mac Defender to the list the company maintains of known malware, and introduces a new daily check for updates to that list. It will also look for Mac Defender on your system when you install the patch.

The patch works in two ways. The first is that Apple has added Mac Defender to its list of known malware, as mentioned above. This list is consulted every time you download a file on your Mac, and if known malware is found, you’ll get a warning message similar to this:

MacDefender Warning

That feature has long been in place for Mac OS X, but few users ever saw it in use save for the more generic warning that you get when opening a new application you have downloaded through a browser.

What’s new is an automatic daily check with Apple to see if anything new has been added to that list. For instance, Apple would add any variations on MacDefender as they are discovered. Before this patch, Apple would have updated the list on your local Mac through OS updates and security updates.

The next step in this patch is to scan your system for MacDefender. If your Mac finds it, it will be removed. Going forward, Apple will be relying on the download check to protect against the malware, not additional system-wide checks like most anti-virus software solutions provide.

The patch can be downloaded through Software Update for Mac OS X 10.6.7. It’s a 2.1MB download, and does NOT require a restart to install.

Apple’s patch notes:

  • File Quarantine

    Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
    Impact: Definition added
    Description: The OSX.MacDefender.A definition has been added to the malware check within File Quarantine. Information on File Quarantine is available in this Knowledge Base article:
  • File Quarantine

    Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
    Impact: Automatically update the known malware definitions
    Description: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the “Automatically update safe downloads list” checkbox in Security Preferences. Additional information is available in this Knowledge Base article:
  • Malware removal

    Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7
    Impact: Remove the MacDefender malware if detected
    Description: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed. Additional information is available in this Knowledge Base article:

Popular TMO Stories



improving File Quarantine should make it faster for Apple to release updates. Now we have to worry about malware makers making a malware to disable File Quarantine.

Sounds familiar smile


Two interesting (to me) notes on this:

1) The security patch does NOT require a restart, so no excuses for waiting on it

2) The daily download of malware list updates can be disabled in the Security system preference pane (checkbox labeled “Automatically update safe downloads list”)


Here we go folks!  Welcome to the mainstream, and the world of daily malware updates. :(

For once I’d like to turn the clock back about five years…

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account