Apple's Notarization Process Repeatedly Approved Malware for Mac
Apple mistakenly approved and notarized a common kind of malware for macOS on at least two occasions, reports TechCrunch.
Apple requires developers to submit their apps for security checks to run on macOS in a process called "notarization." Notarization was required from the launch of macOS Catalina. If software has not been notarized, it will be blocked by default in macOS.
Peter Dantini and security researcher Patrick Wardle at Objective-See report that they have found the first malware for Mac that has been successfully notarized by Apple, even for the latest beta version of macOS Big Sur. The notarized malware was disguised as an Adobe Flash installer, which is an oft-used technique to convince unknowing users to install a trojan.
It contained "Shlayer" malware, which is said to be the "most common threat" to Macs in 2019. Shlayer is a kind of adware that intercepts encrypted web traffic, even from securely-encrypted HTTPS-enabled websites, and replaces it with its own ads to raise fraudulent ad revenue.
The researchers believe that Apple cannot have detected the malicious code when it was submitted for approval. The discovery is particularly surprising, given that the malware and its vehicle are extremely common. Upon notification from the researchers, Apple revoked the notarization.
"Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe," an Apple spokesperson told TechCrunch.
In spite of Apple's statement, the researchers reported that the bad actors were able to get yet another malware trojan notarized soon after. The second notarized payloads were still approved by Apple as of yesterday.
Earlier this month, a new kind of Mac malware was discovered that infects via Xcode and supposedly can infiltrate the Mac App Store, undetected by Apple.
Popular Stories
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October.
There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
iOS 26 extended pinned conversations in the Messages app to CarPlay, for quick access to your most frequent chats. However, some drivers may prefer the classic view with a list of individual conversations only, and Apple now lets users choose.
Apple released the second beta of iOS 26.2 this week, and it introduces a new CarPlay setting for turning off pinned conversations in the Messages...
Tesla is working to add support for Apple CarPlay in its vehicles, Bloomberg's Mark Gurman reports.
Tesla vehicles rely on its own infotainment software system, which integrates vehicle functions, navigation, music, web browsing, and more. The automaker has been an outlier in foregoing support for Apple CarPlay, which has otherwise become an industry standard feature, allowing users to...
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone.
iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account.
In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
While it was rumored that Apple planned to release new versions of the HomePod mini, Apple TV, and AirTag this year, it is no longer clear if that will still happen.
Back in January, Bloomberg's Mark Gurman said Apple planned to release new HomePod mini and Apple TV models "toward the end of the year," while he at one point expected a new AirTag to launch "around the middle of 2025." Yet,...
Apple released the first iOS 26.2 beta last week. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more.
In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date....
Today marks the fifth anniversary of the Apple silicon chip that replaced Intel chips in Apple's Mac lineup. The first Apple silicon chip, the M1, was unveiled on November 10, 2020. The M1 debuted in the MacBook Air, Mac mini, and 13-inch MacBook Pro.
The M1 chip was impressive when it launched, featuring the "world's fastest CPU core" and industry-leading performance per watt, and it's only ...
Walmart's Black Friday sale has officially kicked off today, with an online shopping event that's also seeing some matching deals in retail locations. There are quite a few major discounts in this sale, including savings on headphones, TVs, and more.
Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us...
Apple today provided developers with the second beta of iOS 26.2, which adds a few new features worth knowing about.
Measure App
Apple's Measure app now features a Liquid Glass design for the level, with two Liquid Glass bubbles instead of white circles.
Games App
There's now an option to sort games in the Games app Library by size, in addition to Name and Recent.
CarPlay
The...
