The recent MacDefender malware (aka MacProtector and MacSecurity) scams have duped a number of people into unknowingly offering their credit card information. In the days and weeks following the initial reports of this malware, we and other sites covered its scope and how to remove it. Apple followed by issuing a knowledge base article of its own on how to remove the malware, and also mentioned that OS X would be updated to include detection for this malware.
As CNET's Josh Lowensohn reported earlier, Apple today released a security update that addresses this threat by providing OS X with the ability to detect and remove the malware.
The update provides new definitions to Apple's rudimentary "XProtect" malware detection technology, allowing it to detect the presence of the malware threats in files you download from the Internet. The update does not prevent you from visiting malicious Web sites, but it will notify you if you have downloaded an installer package for the MacDefender malware and its variants, and will give you the option to delete the file. In addition, the software update will scan for and remove the malware from your system (though this is done at installation and not as an ongoing process).
In addition to providing the system with the ability to check for and remove the latest malware threats, the update also has an option to automatically update malware definitions on a daily basis, so you won't have to wait for Apple to release a security update to tackle any new malware that develops for OS X. This option is in the Security system preferences and, if checked, will have the system regularly check for definition updates.
We recommend that you install this update on all Macs for which the update is intended (Intel-based systems running OS X 10.6.7 or greater), but even with this update, be aware that malware developers will try to circumvent it and coerce you into installing their programs. It's great that Apple has tackled this issue and is offering an option to detect and remove the malware, but ultimately it is up to users to keep their systems safe and not install any software unless they know exactly where it came from and understand it to be a legitimate software package.