Apple issues security updates, as NCP Engineering rolls out VPN client suite for Macs

News by Dan Raywood

Apple has updated its Mac malware protection in a 'secret update' following a software update this week.

Apple has updated its Mac malware protection in a ‘secret update' following a software update this week.

Although not documented by Apple, Mac OS X 10.6.4 has been updated to provide limited protection against OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan that can allow remote hackers to gain control over Mac computers for the purposes of identity theft, spying and the distribution of spam.

Mac security firm Intego commented that in the latest update to Mac OS X 10.6.4 Apple's anti-malware feature now protects against three types of malware. Graham Cluley, senior technology consultant at Sophos, welcomed the update, but wondered why Apple did not announce they were making this update in the release notes or security advisory that came with Mac OS X 10.6.4.

He said: “It's almost as if they don't want to acknowledge that there could be a malware threat on Mac OS X. It's true to say that there are far fewer malware threats for Mac than there are for Windows - but that doesn't mean the problem is non-existent. Unfortunately, many Mac users seem oblivious to security threats which can run on their computers, even though Apple has now built-in some elementary protection.

“This lack of awareness isn't helped when Apple issues an anti-malware security update by stealth, rather than informing the public what it has done. You have to wonder whether marketing motives are at play behind such decisions.”

This week Apple released an update to its operating system to fix 28 security flaws. Mac OS X 10.6.4 addressed flaws in 17 components including CUPS, iChat, Network Authorization, SquirrelMail, Ruby, Wiki Server and Flash Player. A new version of iTunes, version 9.2, was also released with new features, improvements and security fixes.

Intego said that what is common with such updates is that the release not only fixes bugs and provides optimisations for performance, but also includes a number of security fixes.

Intego said: “There are fixes for both client and server versions of the software. The updates, for the client or server versions of Snow Leopard, range in size from 222MB (for the Leopard version) to over 1GB (for the Snow Leopard Server combo update) and are available here or via Software Update.”

Writing on the Secuiteam blog, Xyberpix said: “I have to say that considering Apple has received a bit of a beating in the past about releasing security updates in a timely manner, if you look into the vulnerabilities identified and mitigated below, a lot of these have been found internally by Apple, so well done guys, keep up the great work!”

Meanwhile NCP engineering has announced the release of a Mac OS X VPN Client Suite. It said that the suite will provide businesses with a VPN client that supports strong authentication and has an integrated personal firewall, NCP's VPN pathfinder technology, as well as federal information processing standards.

It supports Mac OS X Leopard 10.5 and Snow Leopard 10.6. Simon Ford, sales director Europe at NCP Engineering, said: “This is a customisation of our product line to support PCs and mobiles. As the security landscape continues to evolve, and reports that there is an attack every 4.5 seconds affecting a computer, ensuring VPN's are secure is imperative in the battle to keep the criminals away from the enterprise network. We offer the same features as provided in the long established NCP Secure Client for Windows.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews