
Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware

Yesterday, word surfaced of new malware targeting major browsers on the Mac platform with adware capable of injecting advertising into users' browsing experiences. The malware, known as "Yontoo", masquerades as a video plug-in or download accelerator in order to trick users into installing the package.

As noted by security firm Intego, Apple has already updated its "XProtect" anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.

Apple has decided the Yontoo Adware has fallen too far on the side of undesirable behavior, as they have released an update to the XProtect.plist definitions file to provide Mac OS X with basic detection for the Yontoo adware as OSX.AdPlugin.i. In testing, it appears this detection is very specific and potentially location-dependent. This extra specificity is likely there so as to catch only the surreptitious installations of this file.

Apple routinely uses its XProtect anti-malware tools, introduced in OS X Snow Leopard, to provide rudimentary protection against threats. It has expanded its efforts in OS X Mountain Lion with the introduction of Gatekeeper, which lets users restrict app installation to software from identified developers registered with Apple, or even to only apps installed through the Mac App Store.

Apple has also been using XProtect to enforce minimum version requirements for plug-ins such as Java and Flash Player, forcing users to upgrade from earlier versions known to have significant security issues.
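
One way to audit a definitions file of this kind and confirm that an entry such as OSX.AdPlugin.i is present, as an added example that is not part of the original article and is not Apple's code. The key names (Description, Matches, MatchFile, NSURLNameKey, MatchType, Pattern, Identity) are assumed from the XProtect.plist layout of this era, and both sample entries are constructed, not Apple's real signature data.

```python
import plistlib
import sys

# Constructed sample in the assumed XProtect.plist layout (not real signatures).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict>
    <key>Description</key><string>OSX.AdPlugin.i</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchFile</key>
        <dict><key>NSURLNameKey</key><string>ExamplePlugin.bundle</string></dict>
        <key>MatchType</key><string>Match</string>
        <key>Pattern</key><string>DEADBEEF</string>
      </dict>
    </array>
  </dict>
  <dict>
    <key>Description</key><string>EXAMPLE.Constructed.A</string>
    <key>Matches</key>
    <array>
      <dict><key>Identity</key><data>AAECAwQFBgcICQoLDA0ODxAREhM=</data></dict>
    </array>
  </dict>
</array>
</plist>
"""

def summarise(plist_bytes):
    """Return one record per definition: its name and how each rule matches."""
    out = []
    for entry in plistlib.loads(plist_bytes):
        rules = []
        for m in entry.get("Matches", []):
            by_hash = "Identity" in m  # assumed: whole-file SHA-1 stored as <data>
            rules.append({
                # A file-name constraint makes a rule specific to one artefact.
                "file_name": m.get("MatchFile", {}).get("NSURLNameKey"),
                "kind": "sha1" if by_hash else "pattern",
                "value": m["Identity"].hex() if by_hash else m.get("Pattern"),
            })
        out.append({"name": entry.get("Description"), "rules": rules})
    return out

def has_definition(plist_bytes, name):
    """True if the definitions include an entry with this detection name."""
    return any(d["name"] == name for d in summarise(plist_bytes))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PLIST
    print("OSX.AdPlugin.i present:", has_definition(data, "OSX.AdPlugin.i"))
```

Pass the path of a local definitions file as the first argument to check it instead of the embedded sample.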

Top Rated Comments


22 months ago
Great news. Though I've said it before, all software must pass through my built-in antivirus called "common sense." It's updated frequently.

So I'm not too worried.
Rating: 18 Votes
22 months ago
But what about my freedom to install adware!
Rating: 10 Votes
22 months ago

But what about my freedom to install adware!


Said no one ever.
Rating: 7 Votes
22 months ago

But what about my freedom to install adware!


Such freedoms should come with free laxative overdoses.
Rating: 6 Votes
22 months ago

But what about my freedom to install adware!

You joke now...

... Just wait till OS XI debuts and you'll have to wait for the jailbreak to install third-party apps. ;)
Rating: 5 Votes
22 months ago

This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'Microsoft Security Essentials'? For now XProtect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on OS X.


Shouldn't matter much to you since you're running Windows 7...
Rating: 4 Votes
22 months ago

This solution Apple has seems overly simple, or am I missing something?

Not complaining, it's awesome that they found such a simple way of doing this.

Anyone know exactly how this works?


It is very simple, and that's cause it's all that's necessary. Malware for OSX doesn't exploit vulnerabilities or security flaws that would allow it to get around this. They literally ask the user for permission to install themselves (thus "trojans"). All this measure does is alert the user if they attempt to grant permission to something that Apple has blacklisted.
Rating: 3 Votes
22 months ago

But what about my freedom to install adware!


I think if you rename the file, it will install. A little extra work, but this way you can get your freedom back. :D
Rating: 3 Votes
22 months ago

But what about my freedom to install adware!


Indeed!
The Tea Party way!
Rating: 3 Votes
22 months ago
Gee I thought the Liberals outlawed all viruses and Bloomberg saved us from malware.
Rating: 2 Votes
