Apple accidentally approved malware with notarized code for Mac
What you need to know
- Apple inadvertently approved malware to run on macOS last year.
- That's according to security researchers.
- Apple did not detect malicious code in the software and approved it to run on Macs.
Apple inadvertently approved Mac malware that used notarized code last year, according to two security researchers.
Apple uses notarization to scan apps for security problems and malicious content. If approved, it means Apple's Gatekeeper software will allow the app to run. Two security researchers say that they have discovered the first instance of a malware campaign that used notarized, as opposed to unnotarized code, which means Apple missed malicious code in the app and approved its use on the platform:
The code used was a piece of malware called "Shlayer" which can intercept encrypted web traffic, replacing websites and search results to make money.
The blog report states that this means that the malicious payloads were sent to Apple before being distributed, upon which Apple scanned them and found no problems, inadvertently notarizing software that was actually malware. The blog notes that the payloads were allowed to run on macOS, even the Big Sur beta, where it was highly likely that because of the app's notarized status, users would have been trusting of the malware.
In a statement, an Apple spokesperson said:
Since the discovery, the attackers created a new notarized payload which also bypassed the same system, which Apple has also intervened to block.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9