Security researchers recently found that Apple’s notarization system, meant to protect users, has a flaw that allowed malware to get through.
Without intending to, Apple has apparently approved a form of Mac malware, according to a security researcher. Although Apple launched a strict process last year to prevent such malware from getting through, this particular one was hidden inside an Adobe Flash installer, and slipped through the cracks. While Apple seems to have nipped the issue in the bud, the security researcher who reported the problem says the people behind the malware were quickly back at it again.
Malware comes in many different forms, from viruses and Trojan horses — viruses disguised as legitimate software, like the Adobe Flash installer — to spyware, such as the attack earlier this year leveled against Google Chrome. Simply put, malware is any software which can damage a computer. In December of 2019, Apple informed consumers of its new notarization policy, which would allow the company to screen potential apps for malware before they are allowed to run on a Mac computer. The company first introduced this security measure starting with macOS Catalina 10.15. It came after a rise in cybersecurity threats against Mac users last year.
As reported by TechCrunch, security researcher Patrick Wardle recently published a blog post outlining the adware campaign from a site called “homebrew.sh”. The website has a similar name to Homebrew (“brew.sh”), which helps people download software on macOS. If someone accidentally types in “homebrew.sh” rather than the actual site name, a window suggesting they update their Adobe Flash player pops up over and over again. When this happened, malicious payloads were allowed to run on the Mac, meaning the malware was introduced onto the computer: in this case, adware from Shlayer, a very common type of malware that often infects macOS. Apple stepped in and revoked the certificates, which prevented that particular strain of malware from working again. That was on August 28; Wardle notes that on August 30 the adware campaign was still active and producing new payloads, although Apple has reportedly blocked these most recent payloads as well.
How Mac Users Can Stay Safe
While Macs seem to be facing an increase in security threats, it’s important to note that they aren’t alone: the same report noted adware attacks have become more aggressive in general lately, which means Windows and Android devices are also serious targets. No matter what computer or device someone has, an important measure is to be cautious in general. The rules of avoiding adware are simple: don’t click on pop-ups, and keep the system software up to date. Staying up to date means that any new or improved security measures, like the notarization system on macOS, can be enabled to protect the device. Even if they are imperfect, they’re still a defense mechanism that users should take advantage of. Also be sure to only download programs from trustworthy websites.
Surfing the web, whether on a computer, a phone, or a tablet, opens people up to various security risks, from malware to apps collecting user data. It’s improbable that any company is going to be able to protect its customers from all of them. While it is alarming that Apple inadvertently approved malware, the quick response from the company is somewhat comforting, even if it had to repeat the procedure a second time so soon afterward. Just remember to keep an eye on the websites where software comes from, and be careful when typing in a web address, as even a small difference, like “homebrew.sh” vs. “brew.sh”, can have a big impact, whether you are a Mac user or not.
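The “homebrew.sh” vs. “brew.sh” pair differs by four characters, so a check that only looks for one-letter typos would miss it. As an added example (not from the article or from Wardle’s post), this Python check flags look-alike download hosts against an allowlist; the `TRUSTED` set, the function names and the one-character threshold are assumptions.

```python
# Added example: flag look-alike download hosts against a small allowlist.
# TRUSTED is an assumed allowlist; only "brew.sh" is taken from the article.
TRUSTED = {"apple.com", "brew.sh"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_domain(host: str):
    """Return (name, tld) from the last two labels.
    Simplification: multi-part suffixes such as co.uk are not handled."""
    parts = host.strip().lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def classify(host: str) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    name, tld = split_domain(host)
    if f"{name}.{tld}" in TRUSTED:
        return "trusted"              # exact domain or one of its subdomains
    for good in sorted(TRUSTED):
        good_name, _ = split_domain(good)
        # Trusted name embedded in a longer one (or reused under another TLD).
        if good_name in name:
            return f"lookalike:{good}"
        # One-character typo of the trusted name.
        if edit_distance(name, good_name) <= 1:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for h in ("brew.sh", "homebrew.sh", "brev.sh", "example.org"):
        print(f"{h:12} -> {classify(h)}")
```

A “lookalike” result is a prompt to double-check the address before downloading, not proof that the site is malicious.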