acm-header
Sign In

Communications of the ACM

Home/News/Apple Mistakenly Approved Widely Used Malware to Run.../Full Text
ACM TechNews

Apple Mistakenly Approved Widely Used Malware to Run on Macs

By TechCrunch
September 8, 2020
Comments
View as: Print Mobile App Share:
Apple's notarization process for Mac systems passed the malware through.

Security researchers say they have found the first Mac malware inadvertently notarized by Apple.

Security researchers Peter Dantini and Patrick Wardle discovered that Apple inadvertently passed a well-known form of malware for use on Mac systems through its notarization process.

Applications submitted for notarization are scanned for security issues and malicious content, with those deemed safe allowed by the Mac's built-in Gatekeeper screener.

The researchers found notarization granted Mac access to a malicious Adobe Flash installer used by the Shlayer malware.

Wardle said Apple failed to detect the malware when it was submitted and approved, even on the unreleased beta version of macOS Big Sur.

Although Apple revoked the notarized payloads after Wardle alerted the company, he said the hackers released a new payload that again successfully bypassed Mac security.

From TechCrunch
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account