McAfee, Inc. Provides Protection Against New Mac OS X Exploits and Viruses


New Mac OS X exploits demonstrate renewed interest by Malware Authoring Community in the Mac OS Platform

BEAVERTON, Ore., Feb. 23 -- McAfee, Inc. (NYSE:MFE), the leading dedicated security technology company, today announced that it provides protection from attacks targeting the newly discovered Apple Mac OS X Command Execution Vulnerability and the recent worms targeting the Mac OS X platform, including OSX/Inqtana.a and OSX/Leap. While McAfee® AVERT® Labs, the world-class research division of McAfee, Inc., has traditionally viewed Mac threats as a non-issue and rates the worms Low-Profile at this time, it does believe these threats demonstrate a renewed interest by the malware authoring community in the Mac OS platform.

The Apple Mac OS X Command Execution Vulnerability, which was discovered February 21 by Michael Lehn, is a critical vulnerability that exists when accessing specially crafted files. Both proof of concept exploits and malicious exploit code are public, and a patch is not yet available. Apple Mail and Safari have been identified as attack vectors for this vulnerability.

"Given recent activity, McAfee AVERT Labs forecasts that attackers may attempt to test the viability of exploiting this vulnerability en masse, by producing a reconnaissance Trojan to identify a vulnerable user base," said Craig Schmugar, virus research manager, McAfee AVERT Labs. "Exploit source code with a payload has been published. Now, the message is 'welcome to zero-day vulnerability land for many Mac OS X users.' Only, Mac OS X users are less prepared, less aware and mitigation tools are less evolved."

OSX/Inqtana.a, which was discovered February 18, is a proof of concept worm that exploits an Apple Mac OS X Directory traversal vulnerability in the Bluetooth file and object exchange services (CVE-2005-1333). This worm spreads over the Bluetooth OBEX Push service, which typically requests the user to accept a file transfer over Bluetooth. It also exploits a directory traversal vulnerability in Mac OS X to install and auto-start the worm on the infected machine. Users are advised not to accept requests from unknown devices.

OSX/Leap, which was discovered February 16, is an instant messaging worm propagating via iChat on PowerPC-based machines running Mac OS X. The worm sends itself to people on the user's buddy list in the form of a .tgz archive and attempts to masquerade as a jpeg image file to trick the user into executing it. OSX/Leap requires user interaction in order to infect a machine.

McAfee Solutions

McAfee Virex® for Macintosh® offers protection against OSX/Inqtana.a and OSX/Leap, and the known exploits targeting the unpatched Command Execution vulnerability. McAfee Virex, designed for the Mac OS X operating system, provides real-time prevention of viruses, worms, Trojans and other potentially unwanted programs across customers' Macintosh and heterogeneous environments.

System Protection and Cure

More information on OSX/Inqtana.a, OSX/Leap and the cures for these worms can be found online at vil.mcafee.com. McAfee Virex customers have been protected from OSX/Leap since the 4698 DAT files. Specific named detection as OSX/Inqtana.a has been available since the 4701 DAT release of February 20. McAfee AVERT Labs recommends all customers ensure they are running the latest DAT release and schedule full system scans to ensure an infection-free environment.

Until there is a patch released for the Apple Mac OS X Command Execution Vulnerability, McAfee AVERT Labs advises Mac OS X users to exercise caution when downloading files from the web and accessing email attachments. Safari users should uncheck the option to "Open 'safe' files after downloading" and users should not open email attachments that they were not expecting.

McAfee AVERT Labs maintains one of the top-ranked security threat and research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT Labs combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield®, McAfee Entercept®, McAfee Foundstone® Research, and McAfee Foundstone Professional Services organizations. McAfee protects customers by providing deep analysis and core technologies that are developed through the combined efforts of its researchers.

About McAfee, Inc.

McAfee, Inc., headquartered in Santa Clara, California and the leading dedicated security technology company, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. www.mcafee.com

Source: McAfee, Inc.

CONTACT: Tracy Ross of McAfee, Inc., +1-408-346-5965, or
tracy_ross@mcafee.com; or Charlotte Holder of Red Consultancy,
+1-415-618-8806, or charlotte.holder@redconsultancy.com

Web site: www.mcafee.com/
