Microsoft detects new malware targeting Apple computers
Apple users should be sure their Mac version of Office has up-to-date patches
IDG News Service - Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.
The malware is not widespread, wrote Jeong Wook Oh of Microsoft's Malware Protection Center. But it does show that hackers pay attention if it's found people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected.
"Exploiting Mac OS X is not much different from other operating systems," Oh wrote. "Even though Mac OS X has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications."
The security update that Microsoft released in June 2009, MS09-027, addressed two vulnerabilities that could be used by an attacker to gain remote control over a machine and run other code. Both vulnerabilities could be exploited with a specially-crafted Word document.
The exploit discovered by Microsoft doesn't work with OS X Lion, but does work with Snow Leopard and prior versions. Oh wrote that it is likely attackers have knowledge about the computers they are attacking, such as the victim's operating system version and patch levels.
The malware delivered by the exploit is written specifically for OS X and is basically a "backdoor," or a tool that allows for remote control of a computer.
Microsoft advised those who use Microsoft Office 2004 or 2008 for Mac or the Open XML File Format Converter for Mac to ensure those products have applied the patch.
"In conclusion, we can see that Mac OS X is not safe from malware," Oh wrote. "Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase."
Send news tips and comments to email@example.com
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts