Apple has been known to push various security patches for OS X quite often, and 10.6.4 specifically prevents the installation of a dangerous trojan which can be used by hackers to capture data from the target machine. With an ever vigilant stance on security, Sophos noticed an update to a file called XProtect.plist which points to the new threat, codenamed “HellRTS” by Apple. Sophos officially names HellRTS the OSX/Pinhead-B Trojan, which was distributed through a disguised download of iPhoto.
What concerns Sophos is that Apple is particularly quiet about their stealthy update, stating, “It’s almost as if they don’t want to acknowledge that there could be a malware threat on Mac OS X.”
Malware has been a part of the Mac OS X world for some time, with a majority of it being downloaded via pirated software like iWork. As a gentle reminder, always be aware of what you download online - malicious files won’t have the ability to do harm unless you give them explicit permission to do so.
[via 9 to 5 Mac]