Apple's security update unable to detect MacDefender variant

On Tuesday, Apple released a security update for Mac OS X to block the MacDefender malware, which displays a web pop-up telling users that their Mac has been infected by a virus and urging them to install bogus anti-virus software.

The update removes known versions of MacDefender and adds detection capabilities to Mac OS X 10.6 Snow Leopard’s built-in malware feature to stop users from downloading the software.

The update involves a three-part approach:

File Quarantine: A definition (OSX.MacDefender) has been added to the malware check within File Quarantine. Information on File Quarantine is available in this Knowledge Base article.

File Quarantine: The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences. Additional information is available in this Knowledge Base article.

Malware removal: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed. Additional information is available in this Knowledge Base article.

In its Mac Security blog, Intego said that the update only protects users of the Snow Leopard operating system and does not detect a new variant known as MacGuard, which does not require a password for installation.
