The purpose of Apple’s notarization service is to protect Mac users from malware. It has now become known, however, that this very service certified software containing the well-known malware “Shlayer”.
Security system fails and certifies Shlayer
In macOS 10.15 Catalina and the upcoming macOS 11 Big Sur, the malware installer is not blocked and can be opened easily. The only remaining hurdle is the prompt asking whether macOS should download the software because it comes from the Internet. All Mac users know this message, because it appears as soon as you want to download any software.
The danger is obvious: because this message is displayed with every download, even of safe software, users do not expect malware. Apple tries to prevent malicious software from being downloaded at all through the notarization service. However, unknown persons submitted software containing the Shlayer malware to Apple for notarization and actually received it.
The error is clearly the fault of Apple’s notarization service, since it certified harmful software and thus theoretically made it available to all Mac users. The way in which the unidentified persons managed to have the malicious software authenticated is somewhat more complicated. Camouflaged as an Adobe Flash Player update, the malware was spread via the well-known package manager Homebrew; the detailed steps were explained by the security researcher Patrick Wardle.
Despite Apple’s reaction, malware remains accessible
After Patrick Wardle tweeted about this vulnerability at the end of August and thereby made it public, Apple reacted by withdrawing the signature and notarization for the malicious software. But just 2 days after Apple reacted, a new malware campaign was sighted, with a new signature and notarization by Apple. When asked by TechCrunch, Apple explained that malware is constantly changing. The notarization system should help to keep malware away from all Macs.
Apple’s notarization is now mandatory, meaning that programs outside the App Store must be submitted for notarization so that they can be downloaded by the operating system. This is meant to protect all Mac users from malware, as all accessible programs must already have been checked.
That errors can occur during this notarization process is normal, but nevertheless very serious. As already mentioned, Mac users assume when downloading that the software has been checked and is therefore safe. If an error occurs, however, many users download malware without thinking about it.
The same may have happened with the Shlayer Trojan, which some users downloaded. This clever malware delivers adware that can, for example, manipulate search queries in the browser. In principle, you can trust Apple’s notarization service, but before you download anything from the Internet, you should take a quick look to see whether the software has been reported in connection with Apple and malware. The easiest way to find out if such a connection exists is a simple search query on the Internet.