Apple’s track record is pretty clean when it comes to maintaining the security of your Macs. However, a newly found goof-up can screw up the impressive scorecard.
The company accidentally approved Adobe Flash-based malware to run on Mac without warning. Security researchers Patrick Wardle and Peter Dantini found this error in one Flash drive installer hosts a copy site for Homebrew, a package management system for Linux.
To ensure that apps running on macOS are secure, Apple asks developers for what is called a notarization process. If the company̵
If the app does not pass the test, the system displays a warning as shown in the diagram below. You can read more about the Noteraization process here.
Wardle and Dantini found that Apple has approved this common type of malware, and that it can run on macOS without warning. The duo noted in a blog post that this means that the company did not find any malicious code in this installer, and it may even run on the latest version of macOS, Big Sur. Additionally, because this malware was ‘Apple certified’, users would install it without checking.
Malware does not steal data, but acts as adware. So it will generate many ads on the screen to make money and chop up system resources. It also throws ads on pages that are protected by HTTPS encryption.
Apple said in a statement that they had revoked the payload certificate and disabled the malicious actor’s developer account:
Malicious software is constantly changing, and Apple’s notarization system helps us keep malicious software out of our Macs and allow us to respond quickly when detected. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their help in keeping users safe.
The company has also blocked new notarized payloads picked up by the attackers. Fortunately, you as a user do not need to do anything in case you have installed these payloads.
So you like TNW? So join our upcoming online arrangement, TNW2020, you will not miss it.
Here are the 3 biggest trends that shape the work of the future