MacDefender Defeats Apple Security Update

Apple proudly released an update to its Mac OS which it claimed would free its users from the evil MacDefender malware.

The Tame Apple Press reported that May 31 was the day that the Mac was again liberated from malware, which henceforth would only be seen on Windows machines. It took Apple a month to first acknowledge that there was a fault and then come up with a fix.

Of course what Jobs’ Mob didn’t know, which other software companies have known for years, is that within seconds of the update, the cyber criminals who wrote the code would update theirs.

Sure enough, within an hour or two, MacDefender software was upgraded and easily defeated Apple’s belated security efforts.

ZDNet security researcher Ed Bott found a MacDefender variant capable of ignoring Apple’s fix. He dubbed it Mdinstall.pkg, and it was specifically formulated to skate past Apple’s malware-blocking code.

The new variant installs itself on a Mac running Safari without needing a password and has been seen on Facebook.

In the real world, anti-virus companies would just update their virus checkers with the new variant. It would be fixed in a day, if not a few hours.

But thanks to Apple’s system of dealing with malware, which involves a month-long existential argument about whether or not it can exist on an Apple computer, these variants will have quite a good shelf life.

Apple’s new malware removal tool allows for periodic updating of “definitions,” malware profiles that let the software identify individual Trojans and viruses. But the fact that the variant has been in the wild now for 48 hours and nothing seems to have happened yet probably indicates that it will be a couple of weeks before Apple thinks of fixing it.

AV companies play games of cat and mouse with malware makers for months. The side that wins is the one which responds quickest. Apple has consistently shown that it is too slow to react to faults because it chants a company mantra that it is perfect.