Apple’s notarization process mistakenly approved Mac malware

Apple has a process to approve apps for macOS. It’s designed to keep users safe. However, mistakes happen, and apparently sometimes even malware gets approved.

As first reported by TechCrunch, Apple’s automated notarization process recently approved Mac malware by accident. First, some background: Apple requires developers to submit apps for notarization — even those not available in the App Store. This process checks the apps for malicious code and other security risks. That notarization process means an app can be blocked by Gatekeeper if issues are discovered.
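For a defender, the practical question after a story like this is whether a given app on a Mac still has a valid notarization ticket, since Gatekeeper re-checks Apple's revocation status when it assesses a bundle. The script below is an added example, not code from the article or from Apple: it wraps the real macOS tool `spctl --assess --type execute -vv` and classifies its output. The `source=Notarized Developer ID` line is what spctl prints on macOS 10.14.5 and later when a notarization ticket is found and honoured (a documented format, assumed here); the sample outputs and the app paths in them are constructed so the classifier can be exercised on any system.

```shell
# Added example (not from the article or Apple): summarise what Gatekeeper
# would do with an app bundle, using spctl's own assessment output.
# Assumption: `spctl --assess -vv` prints "<path>: accepted" or
# "<path>: rejected" followed by a "source=..." line, and
# "source=Notarized Developer ID" means a notarization ticket was found
# and has not been revoked.

# Classify captured spctl output into one of four buckets.
classify_spctl() {
  case "$1" in
    *": accepted"*"source=Notarized Developer ID"*) echo "notarized" ;;
    *": accepted"*)  echo "accepted-unnotarized" ;;   # accepted on other grounds (e.g. Apple System, older policy)
    *": rejected"*)  echo "rejected" ;;               # unsigned, unnotarized, or ticket revoked
    *)               echo "unknown" ;;
  esac
}

# Run the real assessment on macOS; elsewhere, report why it cannot run.
assess_app() {
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found: this check only runs on macOS" >&2
    return 2
  fi
  out=$(spctl --assess --type execute -vv "$1" 2>&1)
  classify_spctl "$out"
}

# Constructed sample outputs (shaped like real spctl output, not captured from
# the malware in the article) so the classifier can be tested anywhere.
SAMPLE_NOTARIZED=$(printf '/Applications/Good.app: accepted\nsource=Notarized Developer ID\n')
SAMPLE_REVOKED=$(printf '/Applications/Bad.app: rejected\nsource=Unnotarized Developer ID\n')
SAMPLE_UNSIGNED=$(printf '/tmp/x: rejected\nsource=no usable signature\n')

# Stand-alone usage: sh gatekeeper_check.sh /Applications/Some.app
if [ "$#" -ge 1 ]; then
  assess_app "$1"
fi
```

Because `spctl` performs an online ticket lookup, an app that was notarized yesterday can assess as `rejected` today once Apple revokes the ticket, which is exactly the outcome the article describes for this campaign.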

However, both Peter Dantini and Patrick Wardle have confirmed that malware slipped through the approval process. As part of a Flash installer adware campaign, the approved code included the Shlayer Trojan. This malicious software is one of the top threats to macOS users. According to Wardle, this appears to be “a first” for a situation like this.

You can read a full breakdown of the situation on Wardle’s blog.

Apple’s automated notarization process failed to flag the malicious code. This means that, technically speaking, the malware was approved by Apple to run on Macs. Of course, this was a mistake and Apple was quick to revoke the malware’s notarization. Here’s Apple’s statement on the matter:

Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allows us to respond quickly when it’s discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.

Mistakes happen, especially in an automated system and especially as malicious attacks change. But Apple’s goals remain noble enough, at least in this regard.