Apple accidentally approved common malware disguised as an update for Adobe Flash Player to run on macOS, according to a new report.
According to security researcher Patrick Wardle, Apple approved an app that contained code used by a well-known malware called Shlayer. Shlayer is a Trojan download that spreads through fake applications and bombards users with an influx of adware. Shlayer is the “most common threat” to Mac, cybersecurity and antivirus company Kaspersky said in 2019.
Wardle says this is the first time he knows that Apple incorrectly notarized malicious software after the debut of the new notarization process. Apple announced the macOS notarization process in 2019, and requires all apps to be reviewed by Apple and signed by a developer before it can run on macOS, even if they are distributed outside the Mac App Store.
After discovering malicious software, Wardle contacted Apple, and the company deactivated the developer account associated with the app and revoked the certification. The attackers reportedly managed to notarize the malware again, but Apple said TechCrunch that both the old and the new malicious software had their notarization revoked.