According to a new report, Apple inadvertently approved commonly used malware disguised as an update to Adobe Flash Player to run on macOS.
According to security researcher Patrick Wardle, Apple has approved an app that contains code used by a popular malware called Shlayer. Shlayer is a Trojan horse downloader that spreads via fake applications and bombarded users with an influx of adware. Shlayer is the “number one threat” to Mac, cybersecurity, and antivirus company Kaspersky in 2019.
Wardle says this is the first time he has known Apple mistakenly notarized malware after debuting its new notarization process. Apple announced the notarial listing process for macOS in 2019. Every app must be verified by Apple and signed by a developer before it can run on macOS, even if it is sold outside the Mac App Store.
After Wardle discovered the malware, he contacted Apple and the company deactivated the developer account associated with the app and revoked the certification. The attackers reportedly managed to re-authenticate the malware, but Apple announced this TechCrunch that both the old and the new malware had revoked their authentication.