But it's not a problem unique to Macs, he added.
"We've seen it already play out on Windows, where it's called a zone identifier," he says.
There is nothing that Apple can do to force software developers to set this flag, he confirms. "Download accelerators tend not to set this flag. Torrent clients almost never set that flag."
Look beyond signatures
Even if the signature-based approach was comprehensive, worked for all software downloaders, and applied to existing software as well as to new infections, security experts recommend that enterprises don't put too much reliance on it.
"As soon as Apple releases an update to the XProtect signatures, the malware authors also get those signatures and can immediately change their malware to bypass them," says Williams. "This is a trivially easy process and happens within minutes of the signature being released."
Enterprises need to look to heuristic or behavior-based approaches to combat malware, says Ian Amit, vice president at ZeroFox, a Baltimore-based security firm.
"Security officers who can apply a behavioral fix to the problem will be able to identify already infected devices, and combat similar malware," he says.
User education would help, as well, he says, since users download this malware voluntarily.
Sign up for CIO Asia eNewsletters.