A really cool feature of Apple macOS, from the security point of view at least, is that all software distributed via the Mac App Store has to be checked by Apple for malicious content – a process known as “notarizing.”
It’s different from a regular “app review” of the software, and since February 2020 it has become a requirement for even Mac software distributed outside the Mac App Store to be notarized by Apple to allow it to run on macOS Catalina, the latest shipping version of the Mac operating system.
If an app isn’t notarized, you’re prevented from running it on macOS.
That’s all great in theory, but what if Apple accidentally approves a malicious app. Might users have a false sense of security – believing that if Apple’s vetting has given an app the all-clear and no message is displayed on running, that it must be safe to run?
Unfortunately, that seems to be exactly what has happened.
Security researchers Patrick Wardle and Peter Datini have uncovered an adware campaign hosted on a website that tricked users into downloading a bogus update to Adobe Flash Player.
Normally, a lack of notarization should mean that the app cannot be run on users’ Mac computers and laptops.
However, in this case, the malicious code had actually received Apple’s stamp of approval.
Wardle explains what this means:< ..
Support the originator by clicking the read the rest link below.
