What you need to know
- Apple inadvertently approved malware to run on macOS last year.
- That's according to security researchers.
- Apple did not detect malicious code in the software and approved it to run on Macs.
Apple inadvertently approved Mac malware that used notarized code last year, according to two security researchers.
Apple has some of the strictest rules to prevent malicious software from landing in its app store, even if on occasion a bad app slips through the net. But last year Apple took its toughest approach yet by requiring developers to submit their apps for security checks in order to run on millions of Macs unhindered.
Apple uses notarization to scan apps for security problems and malicious content. If an app is approved, Apple's Gatekeeper software will allow it to run. Two security researchers say they have discovered the first instance of a malware campaign that used notarized, as opposed to unnotarized, code, which means Apple missed malicious code in the app and approved its use on the platform:
Peter Dantini, working with Patrick Wardle, a well-known Mac security researcher, found a malware campaign disguised as an Adobe Flash installer. These campaigns are common and have been around for years — even if Flash is rarely used these days — and most run unnotarized code, which Macs block immediately when opened.
But Dantini and Wardle found that one malicious Flash installer had code notarized by Apple and would run on Macs.
The code used was a piece of malware called "Shlayer" which can intercept encrypted web traffic, replacing websites and search results to make money.
According to the blog report, this means the malicious payloads were submitted to Apple before being distributed; Apple scanned them, found no problems, and inadvertently notarized software that was actually malware. The blog notes that the payloads were allowed to run on macOS, even on the Big Sur beta, and that the app's notarized status made it highly likely that users would have trusted the malware.
In a statement, an Apple spokesperson said:
"Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe."
Since the discovery, the attackers have created a new notarized payload that also bypassed the same system; Apple has intervened to block that one as well.