New Mac OSX malware highlights risks of late patching

Microsoft has discovered that a Mac vulnerability it patched in 2009 is still affecting Snow Leopard and earlier OS versions

Microsoft has detected new malware targetting Apple's Mac OSX operating system, which is able to allow a remote attacker to gain control of a user's machine and install other malicious code.

The firm originally released a patch for the Mac version of its Office suite of software which fixed the vulnerability exploited by the malicious code in 2009, but this week announced that it has seen new malware attacking upatched users.

Jeong Wook Oh of Microsoft's Malware Protection Center wrote on the firm's security blog that hackers are aware that not all users have applied the security patch.

"Despite the availability of the bulletin, not every machine is up to date yet - which is how nearly three years later, malware has emerged that exploits the issue on machines running Office on Mac OS X."

He added that Macs are as vulnerable to cyber attack as other operating systems, despite widespread belief among Apple's customers that the machines are safer.

"We can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase.

"Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correllation with updating installed applications."

Affected products are: Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac or Open XML File Format Converter for Mac. The patch is available from Microsoft's security centre.