Apple's Notarization Process Repeatedly Approved Malware for Mac

Apple mistakenly approved and notarized a common kind of malware for macOS on at least two occasions, reports TechCrunch.

bigSur

Apple requires developers to submit their apps for security checks to run on macOS in a process called "notarization." Notarization was required from the launch of macOS Catalina. If software has not been notarized, it will be blocked by default in macOS.

Peter Dantini and security researcher Patrick Wardle at Objective-See report that they have found the first malware for Mac that has been successfully notarized by Apple, even for the latest beta version of macOS Big Sur. The notarized malware was disguised as an Adobe Flash installer, which is an oft-used technique to convince unknowing users to install a trojan.

It contained "Shlayer" malware, which is said to be the "most common threat" to Macs in 2019. Shlayer is a kind of adware that intercepts encrypted web traffic, even from securely-encrypted HTTPS-enabled websites, and replaces it with its own ads to raise fraudulent ad revenue.

The researchers believe that Apple cannot have detected the malicious code when it was submitted for approval. The discovery is particularly surprising, given that the malware and its vehicle are extremely common. Upon notification from the researchers, Apple revoked the notarization.

"Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe," an Apple spokesperson told TechCrunch.

In spite of Apple's statement, the researchers reported that the bad actors were able to get yet another malware trojan notarized soon after. The second notarized payloads were still approved by Apple as of yesterday.

Earlier this month, a new kind of Mac malware was discovered that infects via Xcode and supposedly can infiltrate the Mac App Store, undetected by Apple.

Tag: Malware
Related Forum: macOS Big Sur

Popular Stories

ios 19 messages app

Apple Sues Jon Prosser Over iOS 26 Leaks

Thursday July 17, 2025 8:40 pm PDT by
Earlier this year, YouTuber Jon Prosser shared multiple videos showing off what he claimed to be re-created renderings of what was then presumed to be called iOS 19 and which was eventually unveiled by Apple as iOS 26 at WWDC in June. In his first video back in January, Prosser showed off a Camera app redesign with a simpler set of buttons for moving between photo and video modes, and he...
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Thursday July 17, 2025 8:33 am PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are less than two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models.Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14 Pro ...
iPhone 17 Pro Dark Blue and Orange

Ranked: The Best Features Rumored for the iPhone 17 Lineup

Wednesday July 16, 2025 4:17 pm PDT by
We have just under two months to go until the debut of Apple's iPhone 17 models, and rumors have been ramping up in recent weeks. We went through everything we know so far, pulling out the most exciting rumors and highlighting some other changes that aren't going to be so great. Top Tier Ultra Thin iPhone 17 Air - The iPhone 17 Air is 2025's most exciting iPhone rumor, because it's the...
Foldable iPhone 2023 Feature Homescreen

Foldable iPhone's Thickness and Price Range Detailed in New Reports

Wednesday July 16, 2025 11:31 am PDT by
Apple's long-rumored foldable iPhone will likely have a starting price between $1,800 and $2,000 in the U.S., analysts at investment banking firm UBS said this week. If so, the foldable iPhone would cost more than a MacBook Pro, which starts at $1,599. With a starting price of at least $1,800, the foldable iPhone would be the most expensive iPhone model ever released, topping the Pro Max at...
iOS 26 on Three iPhones

Here's When to Expect the iOS 26 Public Beta

Tuesday July 15, 2025 11:07 am PDT by
Apple previously announced that a public beta of iOS 26 would be available in July, and now a more specific timeframe has surfaced. Bloomberg's Mark Gurman today said that Apple's public betas should be released on or around Wednesday, July 23. In other words, expect the public betas of iOS 26, iPadOS 26, macOS 26, and more to be available at some point next week. Apple will be releasing...
iPhone 17 Air Thumb 2 Blue Electric Boogaloo

iPhone 17 Air's Limited Battery Capacity Leaked

Friday July 18, 2025 12:03 pm PDT by
The battery capacity of Apple's rumored iPhone 17 Air will be below the 3,000 mAh mark, according to a recent post from Instant Digital, an account with more than 1.4 million followers on Chinese social media platform Weibo. Thanks to iOS 26's new Adaptive Power Mode, though, the account said that the iPhone 17 Air should achieve full-day battery life. A previous rumor pegged the iPhone...
iPhone 17 Colors

All 15 New iPhone 17 and iPhone 17 Pro Colors Revealed in Latest Leak

Wednesday July 16, 2025 6:50 am PDT by
We may finally have a definitive list of all color options for the iPhone 17 series, ahead of the devices launching in September. MacRumors concept In a report for Macworld today, Filipe Espósito said he obtained an "internal document" that allegedly reveals all of the color options for the upcoming iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max models. The report includes ...
Generic iPhone 17 Feature With Full Width Dynamic Island

iPhone 17 Series Is Less Than Two Months Away: Everything We Know

Friday July 18, 2025 4:23 am PDT by
Apple is expected to hold its annual iPhone announcement event during the week of September 8, 2025, with September 9 or 10 emerging as the most likely dates. Like the iPhone 16 series, this year's lineup is expected to include four models – but with a twist. The ‌Plus device is being replaced with an all-new ultra-thin model, while the iPhone 17 Pro and ‌iPhone 17 Pro‌ Max are set to...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 16 New Features

Friday July 11, 2025 12:40 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...

Top Rated Comments

larrylaffer Avatar
64 months ago
Apple's gatekeeping here must be truly awful. These people disguised their software as coming from one of the world's biggest software vendors, and it still made it through?
Score: 17 Votes (Like | Disagree)
julesme Avatar
64 months ago
If I never again hear of Flash for the rest of my life, it will still be too soon.
Score: 12 Votes (Like | Disagree)
Ritsuka Avatar
64 months ago

Just another reason why we should be allowed to install 3rd party apps on iOS with out the App Store. Just because Apple approves the app (I know it’s for macOS in this particular article) doesn’t mean it’s guaranteed to be safe.
This is a totally different case. "Notarization" is just Apple running an automated malware scan on the apps, it's not a manual review by an actual person.
Score: 11 Votes (Like | Disagree)
CarlJ Avatar
64 months ago
An actual real-life notary public doesn’t certify anything about the content of the document you’re signing, they only witness that it was actually you that signed it.

I expected that Apple’s notarization service was primarily designed to associate an app with a developer, and register the pairing with Apple, so that if the app subsequently starting doing something really unsavory in the real world, posing a threat to customers, it could be shut off by Apple.
Score: 10 Votes (Like | Disagree)
cmaier Avatar
64 months ago

Proof that their notorization is worthless. But it sounds good on paper.
No it's not. Notarization is not malware detection. It ensures that the binary actually came from who it claims to have come from. That's it. Just like a notary public proves that a document was signed by the person who claims to have signed it, and doesn't prove that the contents of the document are true.

This is a weird news article.
Score: 8 Votes (Like | Disagree)
BigMcGuire Avatar
64 months ago
Patrick Wardle at Objective-See ('https://objective-see.com/blog/blog_0x4E.html') --- This guy is doing a lot of great work. I run several of his apps. Very cool!
Score: 6 Votes (Like | Disagree)