Skip to main content
  1. Home
  2. Computing
  3. News

Apple mistakenly verified a macOS malware

By

A malware Mac package slipped past Apple’s verification process, a new report finds. As per security researcher, Patrick Wardle, Apple inadvertently approved a malicious desktop app that was disguised as an Adobe Flash installer to trick users.

Apple allows Mac users to install apps from sources outside of its own App Store. However, to ensure this policy doesn’t end up infesting Macs with viruses and malware, the company has a process called “notarization” that scans apps for security issues. Developers are required to submit their code prior to distribution for approval. If an app is unable to get past this verification stage, it is automatically blocked by Mac’s built-in screening program, Gatekeeper — irrespective of where it was downloaded from.

Recommended Videos

Wardle discovered that a popular malware called Shlayer, which security firm Kaspersky labeled as the most common threat that Macs faced in 2019, featured snippets of code that were officially notarized by Apple. Therefore, if someone downloaded and tried to run this on their Mac, they wouldn’t be alerted through any warnings. Shlayer is an adware that can intercept your web traffic and replace the webpages you try to load with its own malicious ads.

Related

Apple’s review process couldn’t detect the malware and green-lighted it to run on all macOS versions, even Big Sur that is currently in beta.

“As far as I know, this is a first: malicious code gaining Apple’s notarization ‘stamp of approval’,” Wardle wrote in the blog post.

Since it was reported, Apple says it has patched and revoked the notarized payloads. Soon after that, however, the same group of attackers somehow released a new, notarized package — which Apple confirmed has been banned as well.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allows us to respond quickly when it’s discovered,” Apple commented in a statement to Digital Trends. “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

Editors’ Recommendations

Topics
Shubham Agarwal
Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Is the M4 Mac mini Apple’s first true gaming PC?
Mac Mini with M4

The M4 Mac mini made its big splash last week. Among the normal Apple marketing content, however, I noticed something I'd never seen before. It's the image above that I'm talking about -- and by now, you've probably noticed the same thing that caught my eye. The PS5 controller.

Sure, you've always been able to connect up a game controller and use it for Mac gaming, but never have I seen it promoted by Apple itself. By putting this so forward in the marketing materials, Apple is not-so-subtly implying that these are PCs that are at least to some degree built for gaming. Is this Apple's first true attempt at taking a real step into the world of PC gaming? There's more evidence than you might think.
Building momentum

Read more
iOS 18’s best AI tools arrive in December, but Siri has a longer wait
Apple Intelligence on iPhone 15 Pro.

The Apple Intelligence toolkit has witnessed a staggered mix of delayed features and underwhelming perks. But it seems that the most promising set of those AI tools that Apple revealed at WWDC earlier this year is right around the corner.

In the latest edition of his PowerOn newsletter, Bloomberg’s Mark Gurman writes that the iOS 18.2 update will start rolling out via the stable channel in the first week of December.

Read more
One more year of the iMac Pro being missing in action
Apple iMac Pro News

This week, Apple announced a new M4 iMac. It got some upgrades that help make it more appealing to creatives and pros, such as the more powerful M4 chip, Thunderbolt 4, upgraded camera, and nano-texture display.

But an iMac Pro, this is not.

Read more