A newer variant of Mac Defender which bypassed Security Update 2011-003 on Tuesday has in turn been defeated by a definition update, an Italian website notes. A check of Snow Leopard’s XProtect.plist file should now show an entry for “OSX.MacDefender.C.” Definitions for A and B variants of the malware were included with the Security Update.
The PLIST file reveals that Apple is indeed doing silent updates of Snow Leopard’s antivirus protection, rather than notifying people of changes. The Security Update introduced automatic definition updates to the OS, similar to systems employed by third-party AV tools. By building definitions to update without formal patches, Apple should be able to more rapidly respond to the growing number of Mac security threats.