In its Mac OS X 10.6.4 (“Snow Leopard”) upgrade Apple included new antivirus signatures to help fight off some of the more “high profile OS X exploits found in the wild, reports “Maximum PC” (http://www.maximumpc.com/article/news/apple_sneaks_antivirus_signatures_osx?).
The most notable of these is a file disguised as the iPhoto application which, when launched, lets attackers send spam, take screenshots, access files, and more.
“Our guess is that the Apple marketing department couldn’t find a positive light to spin the new OS enhancement, so it was conveniently left out of the patch notes,” “Maximum PC” says. “Cnet pointed out, and we agree, that Apple’s ongoing refusal to acknowledge security flaws in its products exposes users to greater danger since they are lulled into a false sense of security.”
The Sophos security company claims that Apple added the antivirus signatures “on the sly,” reports “TechEye” (http://www.techeye.net/security/apple-secretly-updates-anti-malware-for-mac-os-x). It said there was no mention of it that it could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin.
The update was to provide limited protection against OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan which can allow remote hackers to gain control over Mac computers for the purposes of identity theft, spying and the distribution of spam.