Posted by: David Harley | March 22, 2011

XProtect update

Kaspersky’s Marco notes that the latest update to Snow Leopard (10.6.7) includes a silent update to Apple’s minimalist XProtect antivirus facility, which is able to detect three examples of Mac-targeting malware (including some variants), if it happens to be looking that way at the time.

Specifically (using Kaspersky names):

  • OSX.RSPlug
  • OSX.Iservice
  • OSX.HellRTS

And now, OSX.Opinionspy, about which we blogged several times in June 2010. It must be a very pleasant, leisurely pursuit, being a malware researcher at Apple.

I note that McAfee’s Francois Paget has put together an interesting analysis of the latest patch and how it relates to CVE vulnerability IDs: see

And Larry Seltzer notes that “One of the vulns fixed in today’s Mac OS update is CVE-2006-7243. Yes, that’s 2006.”  

While Vupen tell us that “Apple Mac OS X 10.6.7 does NOT fix our Safari Pwn2own exploit. The flaw used by @0xcharlie to pwn iPhone was present in Mac and is now fixed.”

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: