AAPL Stock: 118.05 ( + 0.02 )

Printed from

New Mac Defender variant already being blocked by Mac OS X

updated 12:30 pm EDT, Thu June 2, 2011

Definitions updating silently

A newer variant of Mac Defender which bypassed Security Update 2011-003 on Tuesday has in turn been defeated by a definition update, an Italian website notes. A check of Snow Leopard's XProtect.plist file should now show an entry for "OSX.MacDefender.C." Definitions for A and B variants of the malware were included with the Security Update.

The PLIST file reveals that Apple is indeed doing silent updates of Snow Leopard's antivirus protection, rather than notifying people of changes. The Security Update introduced automatic definition updates to the OS, similar to systems employed by third-party AV tools. By building definitions to update without formal patches, Apple should be able to more rapidly respond to the growing number of Mac security threats.

by MacNN Staff



  1. jscotta

    Joined: Dec 1969



    No need for a press release and a lot of hype over how well OS X continues to work. As Nike says, "Just Do It".

  1. B9bot

    Joined: Dec 1969


    Where is this plist file? I've searched for it fou

    I'm wondering where this plist file is, because I've searched for it and can't find it.

  1. B9bot

    Joined: Dec 1969


    Mac Central explains where it is or how to find it

    In terminal you can copy and paste the following to find out if you are up to date.

    more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

    It should say

    Wed, 01 Jun 2011 21:19:15 GMT

    If it does your security update is working and updating fine.

    Comment buried. Show
  1. Feathers

    Joined: Dec 1969



    All this stupid trojan does is provide further support for the notion of the App Store becoming the sole method or vector through which anything can be installed onto a Mac. That would be a classic case of surrendering freedom for security and we know what Ben Franklin said about that!

  1. testudo

    Joined: Dec 1969


    Re: Consolidation

    Since it would be in Apple's best interests financially to have such total control, then this would lead the conspiracy theorist to suggest that Apple is in some way behind these attacks in the first place.

  1. testudo

    Joined: Dec 1969



    No need for a press release and a lot of hype over how well OS X continues to work. As Nike says, "Just Do It".

    Last I checked, the only companies sending out press releases about adding in support to fight some malware are the virus makers - er, I mean virus-scanner makers trying to sell products.

    Heck, don't even recall Apple sending out a PR about putting in the original block.

  1. tntracy

    Joined: Dec 1969


    Here Is a Link To Macworld Article...

    ...that contains the terminal command posted above to check the malware definitions version, as well as how to "force" an update:

  1. facebook_Clarence

    Via Facebook

    Joined: Jun 2011



    If this is already MacDefender.C, Apple is going to run out of letters fast!

  1. facebook_Boyd

    Via Facebook

    Joined: Jun 2011


    Great job apple

    They were on this pretty fast. I for one love the silent updates. I don't have to worry about it. Great job Apple.

  1. donmontalvo

    Joined: Dec 1969


    Famous quote...

    Alrightly then...this reminds me of an old movie quote...

    Will Hunting: "How do you like them Apples?"

    Apple raises the bar. Again. :)

    PS, I just hope hackers don't get to the definitions list...

    Don Montalvo, TX

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented