Apple’s devices are known for being secure, and the Cupertino-based tech giant keeps improving the security of its devices every year. Last year, Apple took a major step to make Macs even more secure by introducing a process called “Notarization.” In this process, developers have to submit their apps to Apple, which checks each app for malicious content and security issues. If the app passes the test, a Mac security feature dubbed Gatekeeper allows the app to run. However, it has now come to light that Apple accidentally allowed malware to run on Macs.
A well-known Mac security researcher, Peter Dantini, who works with Patrick Wardle, came across malware that was masquerading under the name Adobe Flash Installer. According to reports online, this malware is based on another popular malware named Shlayer. It intercepts encrypted web traffic and replaces webpages and results with its own ads, making fraudulent ad money for its operators. Such types of malware are common, and they run unnotarized code. Any Mac with the Gatekeeper feature will block such software once it detects that it runs unnotarized code.
However, Dantini and Wardle found that this malware was able to run on Macs. How was that possible? Dantini and Wardle reveal that the code of this malware was, surprisingly, notarized by Apple itself. According to Wardle, Apple did not check the app for malicious activity when it was submitted to the company and approved it to run on millions of Macs across the world. This malware-filled app runs even on Macs running the beta version of macOS Big Sur. After the issue came to light, Apple immediately revoked the notarized code, preventing it from running on Macs.
“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe,” said an Apple spokesperson to TechCrunch.
Unfortunately, the attackers are back again with new notarized code, which is able to run on Macs. Apple is yet to fix this new threat.
While Apple products are rarely affected by such security breaches, this particular incident shows us that Apple’s security process is not foolproof.

[Source: TechCrunch]