Sophos senior technology consultant Graham Cluley, in a Friday blog post, asserts that Apple quietly patched the Mac’s malware protection to thwart a backdoor Trojan horse that could allow hackers to control an iMac or MacBook remotely.
Apple’s OS X 10.6.4 upgrade secretly patched XProtect.plist, a file that contains “elementary signatures of a handful of Mac threats – to detect what they call HellRTS,” Cluley writes. Malicious hackers have been disguising HellRTS as iPhoto, the Mac’s photo-editing program.
A Mac infected by this particular breed of malware would be open to a variety of attacks. For instance, hackers could capture screenshots of user activity, access files and clipboard data, and send spam from the computer. Sophos security programs have detected HellRTS as OSX/Pinhead-B since April, according to Cluley.
Apple did not respond to PCWorld’s request for comment.
Saving Face
If Sophos’ claims are correct, Apple wouldn’t be the first OS maker to keep some security fixes secret. Microsoft officials in May admitted that they don’t report all the security shortcomings in their software. Redmond’s non-disclosure of patches was revealed by Core Security Technologies, which discovered three undocumented fixes in recent Microsoft software upgrades.
Does an operating system vendor have a responsibility to reveal all of its security patches to its users? The question is particularly pertinent to Apple, which has long trumpeted the Mac as the safer alternative to Windows PCs.
Cluley believes that Apple’s marketing strategy has contributed to a false sense of security among Mac users:
“Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn’t helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. ‘Shh! Don’t tell folks that we have to protect against malware on Mac OS X!’”
Apple employees are often “the worst offenders when it comes to giving users security advice,” says Cluley, who adds that a former colleague of his, while visiting an Apple Store recently, overheard a staffer tell a customer that it was “impossible” for Macs to get viruses, and that Mac users shouldn’t “even worry about it.”
Security patches are a fact of life for OS makers. For a vendor like Apple, fixes of this nature can be particularly embarrassing. What do you think? Should Cupertino spill the beans on every anti-malware upgrade it issues?
Contact Jeff Bertolucci via Twitter (@jbertolucci) or at jbertolucci.blogspot.com.