Despite its strict approach to preventing malware, Apple accidentally approved malware disguised as an update for Adobe Flash Player on Mac, security researchers have found.
According to Peter Dantini and Patrick Wardle, Apple approved an app that contained Shlayer disguised as an Adobe Flash installer. Shlayer was the most common threat found on Mac in 2019, as noted by Kaspersky. It’s a trojan downloader that spreads through fake applications and runs scripts to download other unwanted programs.
Despite the “notarization” process, in which Apple scans an app for security issues and malicious content, Apple failed to detect the malicious code and approved it to run, even on the unreleased beta version of macOS Big Sur. Normally, apps with security issues or malicious code do not pass the notarization process and are blocked from running by Gatekeeper, the Mac’s built-in security screening software.
After Wardle reached out to Apple about the issue, Apple revoked the notarized payload so that it no longer runs on Mac. Apple provided TechCrunch with the following statement:
Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.
Even though Apple addressed this, the attackers later came back with a new notarized payload. Apple blocked that payload as well. Shlayer attacks 31 percent of users in the US, 14 percent in Germany, followed by 10 percent in France and the UK, according to a report by Securelist.