Apple's Notarization Process Repeatedly Approved Malware for Mac
Apple mistakenly approved and notarized a common kind of malware for macOS on at least two occasions, reports TechCrunch.
Apple requires developers to submit their apps for security checks to run on macOS in a process called "notarization." Notarization was required from the launch of macOS Catalina. If software has not been notarized, it will be blocked by default in macOS.
Peter Dantini and security researcher Patrick Wardle at Objective-See report that they have found the first malware for Mac that has been successfully notarized by Apple, even for the latest beta version of macOS Big Sur. The notarized malware was disguised as an Adobe Flash installer, which is an oft-used technique to convince unknowing users to install a trojan.
It contained "Shlayer" malware, which is said to be the "most common threat" to Macs in 2019. Shlayer is a kind of adware that intercepts encrypted web traffic, even from securely-encrypted HTTPS-enabled websites, and replaces it with its own ads to raise fraudulent ad revenue.
The researchers believe that Apple cannot have detected the malicious code when it was submitted for approval. The discovery is particularly surprising, given that the malware and its vehicle are extremely common. Upon notification from the researchers, Apple revoked the notarization.
"Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe," an Apple spokesperson told TechCrunch.
In spite of Apple's statement, the researchers reported that the bad actors were able to get yet another malware trojan notarized soon after. The second notarized payloads were still approved by Apple as of yesterday.
Earlier this month, a new kind of Mac malware was discovered that infects via Xcode and supposedly can infiltrate the Mac App Store, undetected by Apple.
Popular Stories
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 28 through Monday, December 1 in many countries, including the United States, Canada, Australia, New Zealand, France, Germany, Italy, Spain, the United Kingdom, Belgium, the Netherlands, Sweden, Thailand, and others.
During the shopping event, customers can get an Apple gift card with...
Apple today announced an expansion of AppleCare+ coverage in India, with new options for monthly and annual plans, and the addition of Theft and Loss for iPhone for the first time.
Options for monthly and annual AppleCare+ plans in India provide more choice and flexibility, allowing users to keep coverage for as long as they require. Apple's vice president of Worldwide iPhone Product...
Apple provided developers with the third beta of an upcoming iOS 26.2 update, and there are still new features that are being added with each beta that we get. We've rounded up all of the changes that Apple made in beta 3.
AirDrop
Apple added new AirDrop functionality, providing a way for two people to share files temporarily without having to add one another as contacts.
iOS 26.2...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max.
One thing worth...
Apple's eighth-generation iPad mini is highly likely to arrive next year, offering a significant refresh of the device with at least four major new features.
OLED Display
The next-generation version of the iPad mini could feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple Watch in 2015, ...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
Starting this Wednesday, November 19, the feature will be available to residents of Illinois.
The announcement confirmed that the...
A new study has revealed that the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air achieve significantly faster average Wi-Fi speeds compared to the iPhone 16 series, thanks to Apple's custom-designed N1 chip.
The study was conducted by Ookla, the company behind the popular Speedtest website and app. It said the results are based on global, crowdsourced Speedtest user data...
We're getting closer to Black Friday, which lands next week on Friday, November 28. In the lead-up to the shopping holiday, we're tracking a few lowest-ever prices on Apple's most popular Macs, including the M4 MacBook Air and brand new M5 MacBook Pro.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment,...
Apple today released updated firmware for several accessories, including the 140W USB-C Power Adapter, the Magic Trackpad 2, the Magic Trackpad USB-C, the Magic Keyboard with Touch ID, and the Magic Keyboard with Touch ID and Numeric Keypad.
There is no word on what's included in the updated firmware at this time, but it could offer performance improvements and security updates. Accessory...
Apple Watch owners have been voicing their frustration online over changes to the Workout app that Apple introduced in watchOS 26, with many finding the redesigned interface makes starting exercises difficult and exasperating.
When Apple launched watchOS 26 in September, the Workout app went from large, easily tapped workout tiles to a scrolling, corner-button interface. Instead of tapping a ...
