Apple allowed malware app to run on Macs


Apple has its failures, but security is one of the things it does very well, especially on its Macs. A new incident might tarnish that record, however. Apple recently approved a piece of Adobe Flash-based malware to run on Macs without any warning.

The researchers Patrick Wardle and Peter Dantini noticed the problem in a Flash-themed installer hosted by a copycat site imitating Homebrew (one of Linux’s package management systems). Apple has a process meant to ensure that apps running on macOS are safe, but this case shows that it is not foolproof: the malicious app passed it.

The security check missed something

Developers who want their apps to run on Apple systems need to go through a notarization process. Apple runs an automated service that scans submitted apps for malware. When it finds no malware or other problems, it issues a ticket that the developer attaches to the software.

macOS systems can detect the ticket when it is attached to an app, verify it, and allow the application to run. The system uses the ticket to identify safe apps when you install them. Every app update needs to go through this process as well.

If the app has not been notarized and there is no ticket, macOS shows a warning. What Dantini and Wardle found was that Apple had notarized this common malware, which was then able to run on macOS devices. Apple’s security check did not find any problem with the application.
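To see what this ticket check looks like from the user side, here is an added example (not from the article or from Apple) that classifies the verdict Gatekeeper gives an app bundle. It assumes a macOS shell where `spctl --assess` is available; the three sample outputs are constructed to match the format spctl prints, so the classifier can be exercised on any system.

```shell
#!/bin/sh
# Constructed sample outputs in the format of `spctl --assess --verbose=2 --type execute <app>`.
# A notarized Developer ID app, an app signed with a Developer ID but never notarized,
# and an unsigned app (hypothetical paths and team IDs).
SAMPLE_NOTARIZED='/Applications/Good.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID1234)'
SAMPLE_UNNOTARIZED='/Applications/Sketchy.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Someone (ABCDE12345)'
SAMPLE_UNSIGNED='/Applications/Unknown.app: rejected
source=no usable signature'

# classify_spctl: read spctl output on stdin and print one word:
#   notarized              - Apple issued a ticket for this exact build
#   accepted-not-notarized - Gatekeeper accepts it for another reason (e.g. a policy override)
#   rejected               - no valid ticket; the user would see the Gatekeeper warning
classify_spctl() {
    out=$(cat)
    case "$out" in
        *"source=Notarized Developer ID"*) echo notarized ;;
        *": accepted"*)                    echo accepted-not-notarized ;;
        *)                                 echo rejected ;;
    esac
}

# check_app: assess a real bundle on macOS and classify the result.
# Note that "notarized" only means Apple's scan issued a ticket, which is exactly
# the check that the malware described above passed; it is not proof of safety.
check_app() {
    spctl --assess --verbose=2 --type execute "$1" 2>&1 | classify_spctl
}

# Demonstration on the constructed samples (no spctl needed).
printf '%s\n' "$SAMPLE_NOTARIZED"   | classify_spctl   # prints: notarized
printf '%s\n' "$SAMPLE_UNNOTARIZED" | classify_spctl   # prints: rejected
printf '%s\n' "$SAMPLE_UNSIGNED"    | classify_spctl   # prints: rejected
```

On a Mac, `check_app /Applications/SomeApp.app` runs the same classification against the live verdict.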

A different kind of bad

In their blog post, the two researchers noted that the malware reaching users meant Apple’s automated notarization process had not detected it. As a consequence, it can run even on the latest macOS, Big Sur.

Luckily the malware is not too invasive, as it does not steal data. It simply acts as adware: users will see a lot of ads on their screen about earning money, which can easily consume the system’s resources. It also injects ads into pages protected by HTTPS encryption.
