Apple's Mac Defender patch is already worthless

Within hours of Apple updating Mac OS X to specifically deal with the Mac Defender problem, the malware developers have already released code that bypasses the fix into the wild. "Mdinstall.pkg" is the name of the file, and it appeared to have been released about 8 hours after Apple's fix.

It will take some time for this version of Mac Defender to propagate, thus Apple's updated antivirus definitions will provide some limited protection. It will likely require the Cupertino company to work daily in updating the definitions -- a whole new world for a company used to watching malware purveyors attack Windows instead.

Apple's antivirus feature isn't quite full antivirus, but is certainly moving towards that. It essentially compares downloaded files to a list of known malware, and will pop up a warning box blocking downloads that match those definitions. It is not an active system though, so it only works when downloading files.


"Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process," a support note describing the system's functions reads.

Users employing this new feature should be aware of a possible bug in how the security pane saves settings. Security firm Intego notes that in certain situations, Mac OS failed to save preferences, which means your Mac may still be unprotected.

This appears to only happen if the security pane is unlocked and settings not altered and saved within 30 seconds.

56 Responses to Apple's Mac Defender patch is already worthless

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.