Apple Releases Security Update To Remove Mac Defender

The promised software update to automatically find and remove known variants of the Mac Defender malware has just been released by Apple and it’s now available in the Software Update panel or Downloads website. The KB article HT4657 explains Apple has added a “OSX.MacDefender.A” definition to the malware check within File Quarantine. On Mac OS X 10.6.7, the installation process of the security update “will search for and remove known variants of the MacDefender malware”. Users will also be notified after a MacDefender variant is removed, and Apple offers more details and information in this article as well.

Mac OS X malware list is now updated daily in the background without the need of a manual software update:

Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.

Security Update 2011-003 provides additional protection by checking for the MacDefender malware and its known variants. If MacDefender malware is found, the system will quit this malware, delete any persistent files, and correct any modifications made to configuration or login files. After MacDefender is identified and removed, the message below will be displayed the next time an administrator account logs in.

Mac OS X 10.6.8 was rumored to be the software update to include a fix for Mac Defender, but it’s likely that Apple also pushed a security update for users that will keep running the older 10.6.7 Snow Leopard version, with 10.6.8 getting the Mac Defender fix built-in.

Update: Ed Bott at ZDNet posted two videos showing the difference between Mac Defender’s Mac Guard variant in action before the security update, and the new File Quarantine successfully identifying it and removing it after the update.



Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.