Posted by: David Harley | March 22, 2011

XProtect update

Kaspersky’s Marco notes that the latest update to Snow Leopard (10.6.7) includes a silent update to Apple’s minimalist XProtect antivirus facility, which is able to detect three examples of Mac-targeting malware (including some variants), if it happens to be looking that way at the time.

Specifically (using Kaspersky names):

  • OSX.RSPlug
  • OSX.Iservice
  • OSX.HellRTS

And now, OSX.Opinionspy, about which we blogged several times in June 2010. It must be a very pleasant, leisurely pursuit, being a malware researcher at Apple.

I note that McAfee’s Francois Paget has put together an interesting analysis of the latest patch and how it relates to CVE vulnerability IDs: see http://blogs.mcafee.com/mcafee-labs/busy-month-for-apple.

And Larry Seltzer notes that “One of the vulns fixed in today’s Mac OS update is CVE-2006-7243. Yes, that’s 2006.”  

While Vupen tell us that “Apple Mac OS X 10.6.7 does NOT fix our Safari Pwn2own exploit. The flaw used by @0xcharlie to pwn iPhone was present in Mac and is now fixed.”

David Harley

About these ads

Posted in David Harley, Larry Seltzer, OSX/HellRTS, OSX/iServices, OSX/OpinionSpy, OSX/RSPlug | Tags: , , , , , , , , , , , , , , ,

«
»

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 43 other followers

%d bloggers like this: