The security company claims that Apple has done this on the sly and did not document it. It said there was no mention of it that it could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin.
The update was to provide limited protection against OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan which can allow remote hackers to gain control over Mac computers for the purposes of identity theft, spying and the distribution of spam.
Sophos has been detecting OSX/Pinhead-B since April, when the malware was distributed disguised as the popular iPhoto application by malicious hackers.
Graham Cluley, senior technology consultant at Sophos, said: “It’s good that Apple has updated its Mac OS X malware protection, as this Trojan can give hackers the green light to send spam email from your computer, take screenshots of what you are doing, access your files and clipboard and much much more.
“But what’s curious to me is why Apple didn’t announce they were making this update in the release notes or security advisory that came with Mac OS X 10.6.4. It’s almost as if they don’t want to acknowledge that there could be a malware threat on Mac OS X.”
He said that unfortunately, many Mac users seem oblivious to security threats which can run on their computers, even though Apple has now built-in some elementary protection.
In his blog Mr Cluely commented some more about the update. He wrote: “This lack of awareness isn’t helped when Apple issues an anti-malware security update by stealth, rather than informing the public what it has done. You have to wonder whether marketing motives are at play behind such decisions.
“Shh! Don’t tell folks that we have to protect against malware on Mac OS X!”
He said there’s a lot less malicious software for Mac computers than Windows PCs but the fact that so many Mac owners don’t take security seriously enough, and haven’t bothered installing an anti-virus, might mean they are a soft target for hackers in the future.
He also said that Apple’s own employees were amongst the worst offenders when it comes to giving users security advice and referred to a tweet from a former colleague of his, Ian Whalley, who wrote about the poor advice about malware protection being offered in Apple retail stores.
Ian wrote on his Twitter page: “Overheard in an Apple store: Macs never get viruses. It’s impossible. Don’t even worry about it. Mmmm unwise.”