Skip to main content

Apple mistakenly verified a macOS malware

A malware Mac package slipped past Apple’s verification process, a new report finds. As per security researcher, Patrick Wardle, Apple inadvertently approved a malicious desktop app that was disguised as an Adobe Flash installer to trick users.

Apple allows Mac users to install apps from sources outside of its own App Store. However, to ensure this policy doesn’t end up infesting Macs with viruses and malware, the company has a process called “notarization” that scans apps for security issues. Developers are required to submit their code prior to distribution for approval. If an app is unable to get past this verification stage, it is automatically blocked by Mac’s built-in screening program, Gatekeeper — irrespective of where it was downloaded from.

Recommended Videos

Wardle discovered that a popular malware called Shlayer, which security firm Kaspersky labeled as the most common threat that Macs faced in 2019, featured snippets of code that were officially notarized by Apple. Therefore, if someone downloaded and tried to run this on their Mac, they wouldn’t be alerted through any warnings. Shlayer is an adware that can intercept your web traffic and replace the webpages you try to load with its own malicious ads.

Please enable Javascript to view this content

Apple’s review process couldn’t detect the malware and green-lighted it to run on all macOS versions, even Big Sur that is currently in beta.

“As far as I know, this is a first: malicious code gaining Apple’s notarization ‘stamp of approval’,” Wardle wrote in the blog post.

Since it was reported, Apple says it has patched and revoked the notarized payloads. Soon after that, however, the same group of attackers somehow released a new, notarized package — which Apple confirmed has been banned as well.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allows us to respond quickly when it’s discovered,” Apple commented in a statement to Digital Trends. “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Apple preps smart glasses with visionOS and a Meta Ray-Ban rival
Person wearing Meta Orion smart glasses.

It’s no secret that Apple’s entry into the AR/VR segment didn’t quite stir the product revolution that the company may have expected. A cumbersome build married to a sky-high asking price for the Vision Pro headset were some of the key woes, but the company has not given up on its dreams.

On the contrary, Apple might even expand into the wearable category beyond the domains of XR itself. According to Bloomberg, the company is working on multiple ideas for smart glasses, both with advanced AR optics and those without a sophisticated display unit.

Read more
It could be a long while before we get an OLED MacBook Air
The MacBook Air on a table in front of a window.

Everyone is waiting for Apple to bring OLED displays to MacBooks, and we're expecting an OLED MacBook Pro in the next couple of years. The MacBook Air, however, may remain OLED-less even in 2027, according to a new tip from Korean outlet The Elec.

Instead, it seems Apple has begun developing a different kind of screen upgrade for the 2027 Air -- an oxide thin-film transistor (TFT) liquid crystal display (LCD). The inferior screen is often people's biggest complaint about the MacBook Air series, so any improvement will likely be welcome, but it's definitely a shame that OLED still seems to be out of reach.

Read more
Apple could finally be about to fix the Mail app on your Mac
Apple Intelligence's Mail features being presented at the Worldwide Developers Conference (WWDC) in June 2024.

If you’ve ever used the Mail app on your Mac and then compared it to more or less any of the best email apps, you’ll know that Apple’s offering is some way behind its rivals. After all, it lacked features like inbox sorting, message snoozing and undo send for years -- not exactly the height of technology, yet Mail strangely went without.

Sure, Mail has the advantage of solid privacy and security, including a Mail Privacy Protection feature that thwarts trackers’ attempts to harvest your data. But that’s never really been enough to make Mail particularly exciting. It’s simple and functional, but not much else.

Read more