A new version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings.
From Apple Insider:
From Apple Insider:
According to security researchers at F-Secure, “Flashback.C” is potentially capable of disabling the auto-update component of Apple’s built-in XProtect anti-malware application by overwriting the system binary that checks for updates, XProtectUpdater. That functionality is apparently not yet active, however.Fake Adobe Flash malware seeks to disable Mac OS X anti-malware protection
Once the malware is installed and delivered an external payload from malicious servers, the local system would be unable to obtain the latest anti-malware definitions and could subsequently be infected by other malicious programs the user installs without seeing the warnings that Mac OS X's XProtect feature is designed to present to users when they attempt to install malicious software that matches known threats, a definition list Apple maintains and which XProtectUpdater references daily.