2011 was an eventful year for Mac malware, seeing the release of the ‘most effective and widespread malware’ targeting Macs
to date.
5 reasons Macs are gaining ground in the enterprise
Intego has released its Year in Mac Security report for 2011 which contains a round-up of the biggest threats targeting Mac OS X,
iOS and various third-party apps.
Of course, much of the report is focused on MacDefender, the first so-called ‘scareware’ scam to target Mac OS X, though such scams are commonplace on the Windows platform.
MacDefender resulted in Apple releasing an update for OS X though several variants that could bypass this protection were later discovered.
“2011 was a very eventful year for Mac malware and security issues. Intego discovered the most effective and widespread malware
targeting Macs since the release of Mac OS X, and other types of malware kept pressure on Mac users. Security vulnerabilities
were common, and users had to apply many security updates to their software to ensure that they were safe,” Intego’s report
reads.
Later in the year, a couple of Backdoor Trojans were discovered – Olyx, which was never seen in the wild and Flashback, which
disguised itself as a Flash Player installer.
Mac malware ‘coming in fits and starts’
“Since Mac OS X Lion does not include Flash Player, some users were fooled and thought this was a real installation link.
When they clicked the link, an installation package downloaded, and, if the user was using Safari as their web browser with
the default settings, the Mac OS X Installer would launch. The Trojan horse would install software that injected code into
active applications, then connected to a remoteserver, from which it could download new versions of itself, or to which it
could send files or data.
“The Flashback Trojan horse spread quite effectively and a fair number of Mac users were infected. A sneakier variant was
spotted on October 13. This one checked to see if the infected computer was indeed a Mac, and not a virtual machine. This
was because many malware researchers test malware in virtual machines, rather than infect full installations, as it is easier
to delete them and start over with clean copies,” the report reads.
However, Intego notes that there were “no major vulnerabilities that affected Mac OS X in 2011″, though Apple did have need
to issue security updates for iTunes, Safari, QuickTime for Leopard as well as AirPort base stations, Time Capsule and the
Apple TV over the course of the year.
Many third-party software programs commonly used on Mac OS X required security updates throughout the year, such as Skype,
Microsoft Office, Dropbox and Adobe’s Reader and Acrobat programs. “A number of programs required security updates in 2011,
but, fortunately, none of these had vulnerabilities that were successfully exploited against Mac OS X,” the company said.
iOS required a fix in July for a PDF vulnerability that allowed iOS devices to be easily jailbroken, as well as a special
update to deal with forged security certificates. Further security updates came when iOS 5 was released in October.
You can find Intego’s full ear in Mac Security report for 2011 here.
Article source: http://www.networkworld.com/news/2012/012512-2011-eventful-year-for-mac-255312.html?source=nww_rss
View full post on National Cyber Security » Virus/Malware/Worms