Posted by: David Harley | February 7, 2013

How a FILE URL can crash an app, and the steady growth of Mac malware

(1) The estimable Paul Ducklin comments on how (not) to crash certain applications by typing FILE colon slash slash  (including TextEdit, Safari, Apple Mail, and other apps that “knowingly or unknowingly make use of DataDetectorsCore, which is part of Apple’s AppKit development libraries.” You may not think that you’d  ever need to do this, but this refers to a legitimate type of URL, and you may not always be directly responsible for its popping up onscreen by typing it yourself.

I’m following Duck’s circumlocatory example to avoid the same scenario: while I don’t think the browser I’m using right now is affected, the same may not be true for you, and I’d kind of like you to get to the end of the article.

Anatomy of a bug – how Mac OS X chokes if you say “FILE”

I don’t advocate your trying the hacks Duck mentions unless you’re very sure you understand the implications.

(2) The equally estimable Mikko Hypponen tweets that “Amount of new Mac OS X malware doubled in 2012: There were 121 cases in 2012 vs 59 cases in 2011”, referring to F-Secure’s 2012 H2 report here.

Actually, the word ‘cases’ might be a little misleading. He doesn’t mean that only 121 Macs were infected in 2012. Looking at the full report, we see that:

Apart from the major Flashback outbreak in early 2012, we saw a slow but steady increase in malware on the Mac platform, as we detected 121 new, unique variants in all of 2012, the majority of them backdoors. By contrast, in 2011, we recorded only 59 new unique families discovered on that platform.

That’s not much compared to the tens-to-hundreds of thousands of Windows binaries analysed by AV labs every day, but it’s nevertheless significant, and reflects the same sort of malware growth seen elsewhere in the Mac-facing security industry.

Mac Virus/Anti-Malware Testing/Small Blue-Green World
ESET Senior Research Fellow

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: