Apple is usually extremely strict when it comes to approving software for its ecosystem. The company even put in place an approval process called notarisation, where apps have to go through security checks before they can run on Macs. But it appears that one of the most common pieces of Mac malware has slipped through this safety net.
Security researchers Peter Dantini and Patrick Wardle found the malware disguised as an Adobe Flash installer. Known as Shlayer, it was rated by Kaspersky as the most common threat for Macs in 2019. It intercepts encrypted web traffic, replacing websites and search results with its own ads.
Wardle says that this is the first time Apple has approved a known piece of malware. TechCrunch reports that, thanks to the report by Dantini and Wardle, Apple revoked the malware's notarisation shortly after the researchers reached out to the company.
Not long after, the hackers managed to slip another piece of malware past Apple’s notarisation process. At the time of writing, the company has already responded by blocking the payload.
What’s interesting is that these two incidents seemingly happened within the span of three days. According to Wardle’s blog post, Apple revoked the authorisation for the first variant on 28 August. The second one was authorised shortly after, and blocked again on 31 August.