The Apple Security Report: So Are You Happy Now?

May 5th, 2011

After taking a few days to come up with a suitable explanation as to why a certain tracking file was present in the iPhone, iPads, and other gadgets that detected your whereabouts, Apple last week offered a reasoned and reasonable explanation of why it was present, and its purpose. In short, if you want to use the Location feature, to allow apps to know where you were, that file was required to cache the information.

The matter seemed trivial enough, until security researchers discovered that the file wasn’t deleted when you turned off your iOS gadget’s Location feature. Worse, it was still backed up when you synced your gadget to iTunes on a Mac or a PC.

Now in theory, the relevant data, even if it was somehow retrieved by outsiders, would only provide a general indication of nearby network access points (cell towers and Wi-Fi routers) you may have accessed during your travels. Certainly, what you were actually doing couldn’t be recorded, but if your employer monitored you in that fashion, and found that you were hanging out near a night club in one city, when you were supposed to be attending a business conference in another, you’d be in real trouble. And deservedly so.

More seriously, Apple admitted that the tracking file should have been zapped when you turned off Location, only it wasn’t. Also it was far too large, thus storing data for months rather than days. They promised a solution in a few weeks, but there’s something about under-promising and over-delivering that can strike a positive chord. So on Wednesday morning, iOS 4.3, with most of the promised fixes, was delivered.

The update restricts the data file to seven days’ duration, and won’t copy it to your Mac or PC when you’re syncing your iOS gadget. The file will no longer be present when Location is off; a future iOS update will actually encrypt the file.

So far, early reports indicate that the fixes have indeed been made, so I wonder what’s going to happen to that pending lawsuit against Apple over this issue, although the instigators of that action will likely find other causes to keep it going. After all, Apple should have known what they were doing, and perhaps they released the fix when they were caught, not because their employees are human and make mistakes.

Most of you will probably be content to seek out other conspiracies to be concerned about, and I’m certain there are plenty to be found out there.

Meantime, there appears to be some more genuine Mac malware in the wild, in the form of a false antivirus program that is known as Mac Defender. It shows up by tricking search engines into displaying certain links, which take you to a fake Web site displaying a bogus Windows-style virus warning. After the site pretends to scan your computer, you’re warned that your Mac is infected, and you are offered an app to fix it.

Stay with me now, as this gets complicated.

The download comes in the form of a standard Zip archive, one that’s acceptable to Safari if you have the “Open ‘safe’ files after downloading” option selected; it might make sense to turn this preference off. After the download is complete, the file is decompressed, launching a standard Mac OS X Installer. Understand that the Internet criminals behind this scheme are smart. The installer screen appears perfectly normal, as is the bogus app that’s installed, which looks and feels very much the same as any other Mac app.

But get this: If you run the app, it will force Safari to take you to a porno site, and you’ll be offered a subscription to Mac Defender to protect you against such “unwelcome” intrusions.

The scheme is obvious. You are being asked to pay for an app subscription because of the fake warnings, and you will be buying software that doesn’t do anything other than to induce you to keep up your subscription. Beyond stealing your money, your Mac appears to be uninjured, except, of course, for Mac Defender’s efforts to sell you something you don’t need. Clearly the characters who devised this scheme found a clever way to profit from this fraud.

Meantime, genuine Mac security programs are being updated to stop Mac Defender in its tracks, along with a variant, known as Mac Security. But the easiest way to defend yourself is not to install that garbage, or any program unless you are dead sure you wanted it.

Now this sort of scam is already present in the Windows world, where similar bogus apps tailored for that platform have long been available. As the Mac continues to expand way faster than Windows PCs, you can bet that more and more malware authors will be in search of greener pastures. If you are vigilant in what you install on your Mac, you have nothing to worry about, at least for now. If you do feel you need an app to protect yourself against malware, visit the Mac App Store, or check a responsible dealer, such as Amazon, or any of the Mac-specific online retailers, to find real products that actually offer value in exchange for your payment.


3 Responses to “The Apple Security Report: So Are You Happy Now?”

  1. pjs_boston says:

    Here is another take on why Apple took just under a week to respond to the iPhone location logging issue. Apple waited to respond until their engineers had a chance to go through the code and verify that a fix could be made quickly. Once this was confirmed, Apple execs were free to own up to the problem and make promises. Nothing like going into a PR battle with actual weapons!

  2. PALemon says:

    Good article.

    One small update – I believe the malware is called MAC Defender (MAC is in Caps).
    So it’s easy to confuse this with the legitimate site called

    Small spelling difference that is so important.
    Thanks for all the great articles.

  3. David Johnson says:

    The iPhone flap didn’t disturb me at all. I downloaded the little app to look at the file and that was as far as it went. Since there is no one at my location except my wife and me, it didn’t matter.
