Hot on the heels of Flashback, reports are circulating of another Mac-specific trojan. The new Trojan, called ‘Backdoor.OSX.SabPub.a’ uses a similar Java exploit as Flashback to infect the Mac computers via Microsoft Office docs. This new threat is a custom OS X backdoor, that once activated, connects to a remote website in command and control fashion to fetch instructions. The backdoor contains functionality to make screenshots of the user’s current session, download files and execute commands on the infected machine.
Mac users have enjoyed a prolonged period of relative safety, but as the Cupertino operating system gains traction in the workplace, hackers begin to see it as a viable alternative to hacking Windows. However, the last few established attacks have taken advantage of ancillary software, such as Java, Adobe Reader and Microsoft Office, not the base OS. This means that in addition to operating system patches, all other applications should be included in your regular patching cycle. Products like Secunia's Corporate Software Inspector (http://secunia.com/vulnerability_scanning/) and VMWare's System Center Configuration Manager (http://shavlik.com/start-now.aspx) support, Windows, Linux and OSX and provide patch management for all installed software.
Adding anti-virus to a Mac has been historically an unneeded processor overhead but is now a necessity. Standalone products like Avast! (http://www.avast.com/free-antivirus-mac) and ClamxAV (http://www.clamxav.com/) are good solutions for small offices and home users, but lack the tracking and reporting capabilities necessary for the Enterprise. McAfee Virus Scan for Mac (http://www.mcafee.com/us/products/virusscan-for-mac.asp) integrates into their System Center Configuration Manager McAfee ePolicy Orchestrator (ePO) platform for full accountability and risk management. The Symantec AntiVirus for Macintosh Corporate Edition has similar capabilities.
In summary, Apple OSX has grabbed a greater share of both the corporate and hacking worlds and must now be fully integrated into your Patch Management policies and procedures.