31/03/2023


Apple's track record is rather clean when it comes to maintaining security for its Macs. However, a newly found goof-up might tarnish its impressive scorecard.
The company accidentally notarized malware disguised as an Adobe Flash Player installer, allowing it to run on Macs without any warning. Security researchers Patrick Wardle and Peter Dantini found the problem in a Flash-branded installer hosted on a copycat site impersonating Homebrew, the popular package manager for macOS.
To keep apps running on macOS safe, Apple requires developers to submit their software to a process called notarization. Apple's automated service scans the submission for malware; if it finds none, it issues a ticket that the developer attaches (staples) to the software. When you install that app on your Mac, Gatekeeper checks the ticket and treats the app as safe to run.
If the app doesn't pass the test, the system shows a warning, as in the diagram below. You can read more about the notarization process here.
Credit: Patrick Wardle
Flow of notarization on an Apple system
Wardle and Dantini found that Apple had notarized this common type of malware, so it could run on macOS without any warning. The duo noted in a blog post that this means Apple's checks found no malicious code in the installer, and that it even runs on the newest version of macOS, Big Sur. Worse, because the malware was Apple-notarized, users would have installed it without a second thought.
Credit: Patrick Wardle
Flash-based Apple Mac malware
The malware doesn't steal data; it acts as adware. It floods your screen with ads to earn its operators money and hogs your system's resources. It even injects ads into pages served over HTTPS.
Apple said in a statement that it has revoked the payload's certificate and disabled the malicious actor's developer account:
Malicious software constantly changes, and Apple's notarization system helps us keep malware off the Mac and allow us to respond quickly when it's discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.
The company has also blocked new notarized payloads deployed by the attackers. Because the certificates are revoked, macOS now refuses to launch these payloads, so if you downloaded one you don't have to do anything further to be protected from it. Note that revocation only blocks the signed payload from running; it does not remove anything the adware has already installed, so a clean-up of an affected Mac is still worthwhile.
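To see for yourself what Gatekeeper makes of a downloaded installer, and to confirm that a payload whose certificate Apple has revoked is now refused, here is an added example (it is not code from the article or from Wardle and Dantini's post). It wraps the macOS spctl and codesign tools and reduces their verbose output to a single verdict a triage script can act on. The spctl output embedded in it is constructed, not a real capture, and the paths, "Example Corp" and the team ID "ABCDE12345" are placeholders.

```shell
#!/bin/sh
# Added example, not code from the article or from the researchers' post.
# Triage a downloaded installer the way Gatekeeper does: ask spctl for its
# verdict, then reduce the verbose output to one token a script can act on.
# `assess` and `team_id` only work on macOS (spctl and codesign are macOS
# tools); `classify_spctl_output` is pure text processing and runs anywhere.

# Reduce `spctl --assess -vv` output (read from stdin) to one token:
#   notarized         accepted with a ticket ("source=Notarized Developer ID"),
#                     which is what the fake Flash installer showed before
#                     Apple revoked it
#   accepted:<why>    accepted for another reason (e.g. an older macOS that
#                     accepts a plain Developer ID signature without a ticket)
#   rejected:<why>    rejected; <why> is spctl's own "source=" explanation,
#                     e.g. "Unnotarized Developer ID" or "no usable signature"
#   unknown           no verdict line found in the output
classify_spctl_output() {
    cso_verdict=unknown
    cso_source=""
    while IFS= read -r cso_line; do
        case "$cso_line" in
            *": accepted"*) cso_verdict=accepted ;;
            *": rejected"*) cso_verdict=rejected ;;
            source=*)       cso_source=${cso_line#source=} ;;
        esac
    done
    case "$cso_verdict" in
        accepted)
            case "$cso_source" in
                Notarized*) echo notarized ;;
                *)          echo "accepted:${cso_source:-unspecified}" ;;
            esac ;;
        rejected)   echo "rejected:${cso_source:-unspecified}" ;;
        *)          echo unknown ;;
    esac
}

# Run Gatekeeper's assessment on a file. Apps get the "execute" policy,
# packages and disk images the "install" policy. spctl writes its verdict
# to stderr, hence the redirect. Once Apple revokes a certificate and the
# Mac has fetched that revocation, the same call should report "rejected".
assess() {
    case "$1" in
        *.pkg|*.mpkg|*.dmg) a_type=install ;;
        *)                  a_type=execute ;;
    esac
    spctl --assess --type "$a_type" -vv "$1" 2>&1 | classify_spctl_output
}

# Developer ID team identifier from the code signature, so a finding can be
# matched against the developer account Apple says it disabled. Empty if the
# file is unsigned.
team_id() {
    codesign -dvv "$1" 2>&1 | sed -n 's/^TeamIdentifier=//p'
}

# Constructed sample of spctl's output (placeholder path, company and team
# ID), so the classifier can be exercised on a machine without spctl.
SAMPLE_NOTARIZED='/Users/me/Downloads/FlashInstaller.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

demo() {
    printf '%s\n' "$SAMPLE_NOTARIZED" | classify_spctl_output
}

# Usage: sh gatekeeper_triage.sh <file>...   (on macOS)
# With no arguments, classify the constructed sample instead.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        printf '%s\t%s\t%s\n' "$f" "$(assess "$f")" "$(team_id "$f")"
    done
else
    demo
fi
```

The classifier keys on spctl's "source=" line rather than on the accepted/rejected word alone, because "accepted" without a notarization ticket is a different situation from "notarized" and a responder will want to tell the two apart. Team IDs are worth recording for every sample you triage: Apple's response in this case was to disable an account and revoke its certificates, and the team ID is what ties a file on disk to that account.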