Apple’s macOS (or any other software, for that matter) is strict about keeping malware and adware off its platform, and is known for providing better security than any of its competitors. However, even the most skilled players slip up sometimes, as Apple did by allowing a fairly common piece of malware to run on Mac devices.
Last year, the company introduced a new process for ‘notarizing’ all applications that wish to run on Apple devices, in order to keep out adware and malware. Basically, any app would be assessed by Mac’s in-built security screening software, and only allowed to run if it passed all the security checks. This was hailed as one of the most foolproof security features ever introduced. However, it apparently missed a fairly common piece of malware that has been circulating for years.
Security researcher Patrick Wardle writes that a campaign distributing the ‘Shlayer’ adware was able to bypass Apple’s new scanning process, making it the first malware to be notarized for macOS. This particular adware was disguised as a Flash Player installer. This type of malware is very common; it usually contains only ‘unnotarized’ code and is immediately blocked by Apple. However, this specific sample was notarized and ran on Mac devices, exposing a loophole in the new security feature.
Wardle says, “I had been expecting that if someone were to abuse the notarization system it would be something more sophisticated or complex”. Shlayer adware usually replaces websites and search results with ads by intercepting encrypted web traffic. This lets its operators earn large amounts of ad money by serving fraudulent ads.
Wardle first noticed this malware on his device and reported it to Apple. After reviewing it, the company blocked the adware’s certificate immediately, revoking access on all Mac devices. Later, he found the adware active again, this time with a different Apple developer ID. He noticed that the newer versions had been notarized with a different ID shortly after Apple revoked the original certificate, and reported this to Apple immediately.
An Apple spokesperson told TechCrunch, “Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe”.
Apple has established itself as a security-driven tech company, even limiting users to its own ecosystem to this end. This new case in Apple’s history might dampen its image a little. The revelation comes just as the company is planning to introduce its first Mac device with an in-house processor, which apparently will be the 12-inch Mac making a return from the grave.