Skip to main content
  1. Home
  2. Computing
  3. News

Apple mistakenly verified a macOS malware

By

A malware Mac package slipped past Apple’s verification process, a new report finds. As per security researcher, Patrick Wardle, Apple inadvertently approved a malicious desktop app that was disguised as an Adobe Flash installer to trick users.

Apple allows Mac users to install apps from sources outside of its own App Store. However, to ensure this policy doesn’t end up infesting Macs with viruses and malware, the company has a process called “notarization” that scans apps for security issues. Developers are required to submit their code prior to distribution for approval. If an app is unable to get past this verification stage, it is automatically blocked by Mac’s built-in screening program, Gatekeeper — irrespective of where it was downloaded from.

Recommended Videos

Wardle discovered that a popular malware called Shlayer, which security firm Kaspersky labeled as the most common threat that Macs faced in 2019, featured snippets of code that were officially notarized by Apple. Therefore, if someone downloaded and tried to run this on their Mac, they wouldn’t be alerted through any warnings. Shlayer is an adware that can intercept your web traffic and replace the webpages you try to load with its own malicious ads.

Related

Apple’s review process couldn’t detect the malware and green-lighted it to run on all macOS versions, even Big Sur that is currently in beta.

“As far as I know, this is a first: malicious code gaining Apple’s notarization ‘stamp of approval’,” Wardle wrote in the blog post.

Since it was reported, Apple says it has patched and revoked the notarized payloads. Soon after that, however, the same group of attackers somehow released a new, notarized package — which Apple confirmed has been banned as well.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allows us to respond quickly when it’s discovered,” Apple commented in a statement to Digital Trends. “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

Editors' Recommendations

Topics
Shubham Agarwal
Shubham Agarwal
Journalist
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
The biggest threat to the MacBook this year might come from Apple itself
The MacBook Air on a white table.

MacBooks have held a dominant position in the laptop world for the past few years. Though there have been meaningful rivals from the Windows side of the aisle, the MacBook Air and MacBook Pro still feel like they hold an unshakeable lead at the moment.

But according to the latest reports, the most serious challenger to the MacBook's reign won't come from Windows -- it'll come from within Apple in the form of some very advanced new iPads.
What's a computer?

Read more
I was wrong about using Stage Manager on Mac
Stage manager in macOS Ventura.

Stage Manager is one of those software features that has had a rather bumpy road since Apple launched it in 2022. The unique multitasking feature has landed itself in a heap of criticism over its short lifespan.

I, however, was not one of these critics. I was super excited by Stage Manager and the promise it contained. It was something new and shiny, here to shake up macOS in a fresh and different way. Even after using it myself, I foresaw it fundamentally changing the way I used my Mac.

Read more
Does your Mac really need antivirus software? We asked the experts
The MacBook Air on a white table.

There’s been a long-held belief that if you own a Mac, you don’t need to use any type of antivirus software to keep your machine free of malware and other destructive code. But it turns out this may actually be more of an old wive’s tale than even the most devoted MacOS users would like to admit. Indeed, Apple has built many safeguards into its operating system, but that doesn’t always mean you’re completely safe. 

We get it: Who would want to sign up for a free or paid version of another computer-adjacent thing? That being said, it never hurts to have too much protection for your Mac. This is a complex topic though, and we asked some Apple insiders to weigh in on the discourse.
Vulnerabilities in Apple’s systems
The belief that Macs are fairly resilient to malware isn’t just idle fanboy-ism. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.

Read more