Apple's Notarization Process Repeatedly Approved Malware for Mac

by

Apple mistakenly approved and notarized a common kind of malware for macOS on at least two occasions, reports TechCrunch.

bigSur

Apple requires developers to submit their apps for security checks to run on macOS in a process called "notarization." Notarization was required from the launch of macOS Catalina. If software has not been notarized, it will be blocked by default in macOS.

Peter Dantini and security researcher Patrick Wardle at Objective-See report that they have found the first malware for Mac that has been successfully notarized by Apple, even for the latest beta version of macOS Big Sur. The notarized malware was disguised as an Adobe Flash installer, which is an oft-used technique to convince unknowing users to install a trojan.

It contained "Shlayer" malware, which is said to be the "most common threat" to Macs in 2019. Shlayer is a kind of adware that intercepts encrypted web traffic, even from securely-encrypted HTTPS-enabled websites, and replaces it with its own ads to raise fraudulent ad revenue.

The researchers believe that Apple cannot have detected the malicious code when it was submitted for approval. The discovery is particularly surprising, given that the malware and its vehicle are extremely common. Upon notification from the researchers, Apple revoked the notarization.

"Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe," an Apple spokesperson told TechCrunch.

In spite of Apple's statement, the researchers reported that the bad actors were able to get yet another malware trojan notarized soon after. The second notarized payloads were still approved by Apple as of yesterday.

Earlier this month, a new kind of Mac malware was discovered that infects via Xcode and supposedly can infiltrate the Mac App Store, undetected by Apple.

Tag: Malware
Related Forum: macOS Big Sur

Popular Stories

M4 iMac With Magic Accessories

Apple Announces iMac With M4 Chip, Upgraded Camera, Nano-Texture Display Option, and More

Monday October 28, 2024 8:01 am PDT by
Apple today announced that it has updated the 24-inch iMac with the M4 chip, which debuted in the iPad Pro earlier this year. This upgrade comes around one year after the previous iMac with the M3 chip was released. Subscribe to MacRumors on YouTube for more videos! As expected, the M4 chip in the iMac is available with up to a 10-core CPU and up to a 10-core GPU. Apple says the iMac with the ...
Read Full Article253 comments
m3 mbp space black

What to Expect From Apple's 'Exciting Week of Announcements'

Thursday October 24, 2024 10:36 am PDT by
Apple's marketing chief Greg Joswiak today teased that the company has an "exciting week of announcements" planned next week. Joswiak said to "Mac" your calendars, and the post includes an animated icon for the Finder app on the Mac, so it is clear that at least some of next week's announcements will be related to the Mac. Subscribe to MacRumors on YouTube for more videos! Below, we have...
Read Full Article116 comments
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Coming to These U.S. States Next

Wednesday October 23, 2024 1:41 pm PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Below, we outline which U.S. states offer the feature, and additional states that have committed to rolling it out in the feature in...
Read Full Article
maxresdefault

Apple Releases iOS 18.1 and iPadOS 18.1 With Apple Intelligence

Monday October 28, 2024 8:07 am PDT by
Apple today released iOS 18.1 and iPadOS 18.1, the first major updates to the iOS 18 and iPadOS 18 updates that came out in September. iOS 18.1 and iPadOS 18.1 come six weeks after the release of iOS 18 and iPadOS 18. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...
Read Full Article212 comments
apple oct 2024 mac tease

Apple Teases M4 Mac Announcements Next Week

Thursday October 24, 2024 9:19 am PDT by
Apple's Greg Joswiak today made it clear that Apple plans to reveal new products next week, teasing refreshed Macs. In a social media post, Joswiak said to "Mac your calendars" because there's an exciting week of announcements that start on Monday morning. With Joswiak's announcement, it appears that there will not be a dedicated October event for Macs this year, with Apple instead...
Read Full Article236 comments
M4 iMac With Magic Accessories

Apple Updates Magic Mouse, Magic Keyboard, and Magic Trackpad With USB-C Ports

Monday October 28, 2024 8:02 am PDT by
Alongside the new iMac, Apple announced updated versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad. The accessories are now equipped with USB-C charging ports, whereas the previous models used Lightning. Apple includes the Magic Mouse and Magic Keyboard in the box with the iMac, and the Magic Trackpad is an optional upgrade. "Every iMac comes with a color-matched Magic Keyboard...
Read Full Article182 comments
iPhone SE 4 Thumb 1

iPhone SE 4 Mass Production Timeframe Revealed as Launch Gets Closer

Wednesday October 23, 2024 9:38 am PDT by
Apple suppliers will begin mass production of the fourth-generation iPhone SE in December, supply chain analyst Ming-Chi Kuo said today in a blog post. The fourth-generation iPhone SE is expected to have a similar design as the base iPhone 14, with rumored features including a 6.1-inch OLED display, Face ID, a newer A-series chip, a USB-C port, a single 48-megapixel rear camera, 8GB of RAM...
Read Full Article49 comments
apple oct 2024 mac tease

Apple Promises Two More Mac Announcements This Week Following New iMac Today

Monday October 28, 2024 11:18 am PDT by
Apple introduced a new iMac today with the M4 chip and more, but that's not all, as it still has two more Mac announcements planned this week. "This is a huge week for the Mac, and this morning, we begin a series of three exciting new product announcements that will take place over the coming days," said Apple's hardware engineering chief John Ternus, in a video announcing the new iMac....
Read Full Article96 comments

Top Rated Comments

larrylaffer Avatar
larrylaffer
54 months ago
Apple's gatekeeping here must be truly awful. These people disguised their software as coming from one of the world's biggest software vendors, and it still made it through?
Score: 17 Votes (Like | Disagree)
julesme Avatar
julesme
54 months ago
If I never again hear of Flash for the rest of my life, it will still be too soon.
Score: 12 Votes (Like | Disagree)
Ritsuka Avatar
Ritsuka
54 months ago

Just another reason why we should be allowed to install 3rd party apps on iOS with out the App Store. Just because Apple approves the app (I know it’s for macOS in this particular article) doesn’t mean it’s guaranteed to be safe.
This is a totally different case. "Notarization" is just Apple running an automated malware scan on the apps, it's not a manual review by an actual person.
Score: 11 Votes (Like | Disagree)
CarlJ Avatar
CarlJ
54 months ago
An actual real-life notary public doesn’t certify anything about the content of the document you’re signing, they only witness that it was actually you that signed it.

I expected that Apple’s notarization service was primarily designed to associate an app with a developer, and register the pairing with Apple, so that if the app subsequently starting doing something really unsavory in the real world, posing a threat to customers, it could be shut off by Apple.
Score: 10 Votes (Like | Disagree)
cmaier Avatar
cmaier
54 months ago

Proof that their notorization is worthless. But it sounds good on paper.
No it's not. Notarization is not malware detection. It ensures that the binary actually came from who it claims to have come from. That's it. Just like a notary public proves that a document was signed by the person who claims to have signed it, and doesn't prove that the contents of the document are true.

This is a weird news article.
Score: 8 Votes (Like | Disagree)
BigMcGuire Avatar
BigMcGuire
54 months ago
Patrick Wardle at Objective-See ('https://objective-see.com/blog/blog_0x4E.html') --- This guy is doing a lot of great work. I run several of his apps. Very cool!
Score: 6 Votes (Like | Disagree)
Read All Comments