Apple issues security updates for Mac OS X Leopard - to fight malware menace

Filed Under: Adobe, Adobe Flash, Apple, Featured, Malware, Vulnerability

Mac OS X LionApple has released a couple of important security patches for Mac users who have shunned upgrading to Snow Leopard and Lion, and chosen to remain on Mac OS X 10.5 Leopard.

The fixes, which were already released in the last month for Snow Leopard and Lion users, should help make Mac OS X 10.5 Leopard a safer environment, and help reduce the number of Macs which became infected by the high-profile Flashback malware.

Apple's Leopard Flashback Removal Security Update should help clean up those Macs running the legacy OS who are not yet running a proper anti-virus program.

According to Apple, the update will scan Mac users' hard drives for the most prevalent variants of the Flashback Trojan horse, and remove them. In addition, the security update will also disable Safari's Java plugin by default.

SafariMeanwhile, Leopard Security Update 2012-003 disables versions of Adobe Flash Player that do not include the latest security updates, and encourages users to get the latest version directly from Adobe's website.

This additional level of protection when it comes to Safari users running Flash is good to see - as Adobe's software is so frequently exploited by malware authors and malicious hackers to infect web surfers.

Both of Apple's security updates require the latest version of Mac OS X Leopard to be installed (10.5.8) and can also be applied via the normal Software Update feature built-into Mac OS X.

It's encouraging to see Apple has not left users of this older version of the Mac OS X operating system completely out in the cold when it comes to protecting against the latest threats. Clearly they realise that it's not good for the Apple Mac's image if older computers connected to the internet are harbouring malware that could cause problems for others in the Mac community.

Of course, there are still users of Mac OS X 10.4 Tiger out there - they don't have the benefit of these security updates and are effectively playing a dangerous game with their systems as the malware threat on the Mac platform increases. There's no indication that Apple plans to bring security updates to these users.

If you're one of those Mac users, or you don't want to rely solely on security patches to keep your Mac malware-free, you can try our free anti-virus for Mac home users which supports all versions of Mac OS X from v 10.4 onwards.

, , , , ,

You might like

7 Responses to Apple issues security updates for Mac OS X Leopard - to fight malware menace

  1. THE TRUTH · 835 days ago

    It's about time

  2. Pah · 835 days ago

    I haven't *shunned* upgrading. I can't! Apple no longer supports the computer it sold me a few short years ago because it doesn't have a 64-bit CPU.

    I probably wouldn't mind so much if we were talking about Windows or Linux running on someone else's computer - one I bought from an unknown third party and that the Linux or Windows coders couldn't control.

    Ironically, though, there are still supported and updated versions of Windows and Linux for my Mac Mini. Oh, and the BSDs, in case I offend one of their fans.

    It's only Apple - which sold it to me - which has left me in the lurch :-)

  3. Richard · 834 days ago

    I'm with Pah. If you have a PPC Mac mini running Leopard, you're left out in the cold, both by Adobe and Apple.

  4. It's worth noting that Safari only disables Adobe Flash versions earlier than 10.1.102.64, which Apple included in a Security Update issued on Nov. 10, 2010. That's a long time ago! See Ed Bott's blog from May 12 (http://www.zdnet.com/blog/bott/safaris-disable-flash-feature-does-less-than-it-promises/5016).

    If I were running on Leopard or earlier I'd want to know how to protect my system against the Flashback malware. Use Firefox 3.6.24 with the NoScript add-on and a highly-restrictive whitelist? Are there browser settings for this?

    I just had a silent driveby infection on my fully-updated Snow Leopard machine. Safari 5.1.7 got hijacked. I used "empty cache then "reset Safari" to remove the symptom (a redirect to another web site) but I don't know what else might have gone wrong. Modern hackers are stealthy.

    (Yes, I'm running Sophos Antivirus for Mac and pleased with it. A full scan found no infection but detection rates are always imperfect. I'm planning to re-install Snow Leopard to fully secure the machine.)

    • Paul · 830 days ago

      Heads-up: you shouldn't be using Firefox 3.6 either, that's no longer supported by Mozilla.

  5. Apple's notion of "latest security updates" for Flash goes back to November 10, 2010. Since then Adobe has issued 17 security updates for Flash player. See Ed Bott's blog of May 12 (http://www.zdnet.com/blog/bott/safaris-disable-flash-feature-does-less-than-it-promises/5016).

  6. thecoppicer · 826 days ago

    Doesn't install on G5 PPC Dual. Presumably for Intel only?

    I've been with Apple Mac user for 2 decades and now curse the company—thieving bastards.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.