Apple has some of the strictest rules to prevent malicious software from landing in its app store, even if on occasion a bad app slips through the net. But last year Apple took its toughest approach yet by requiring developers to submit their apps for security checks in order to run on millions of Macs unhindered. From a report: The process, which Apple calls “notarization,” scans an app for security issues and malicious content. If approved, the Mac’s in-built security screening software, Gatekeeper, allows the app to run. Apps that don’t pass the security sniff test are denied, and are blocked from running. But security researchers say they have found the first Mac malware inadvertently notarized by Apple. Peter Dantini, working with Patrick Wardle, a well-known Mac security researcher, found a malware campaign disguised as an Adobe Flash installer. These campaigns are common and have been around for years — even if Flash is rarely used these days — and most run unnotarized code, which Macs block immediately when opened. But Dantini and Wardle found that one malicious Flash installer had code notarized by Apple and would run on Macs. Wardle confirmed that Apple had approved code used by the popular Shlayer malware, which security firm Kaspersky said is the “most common threat” that Macs faced in 2019.
of this story at Slashdot.
Source:: Slashdot