Apple Mistakenly Approved a Widely-Used Malware to Run on Macs
upstart writes in with an IRC submission for nutherguy:
Apple mistakenly approved a widely-used malware to run on Macs - TechCrunch:
Apple has some of the strictest rules to prevent malicious software from landing in its app store, even if on occasion a bad app slips through the net. But last year Apple took its toughest approach yet by requiring developers to submit their apps for security checks in order to run on millions of Macs unhindered.
The process, which Apple calls "notarization," scans an app for security issues and malicious content. If approved, the Mac's in-built security screening software, Gatekeeper, allows the app to run. Apps that don't pass the security sniff test are denied, and are blocked from running.
But security researchers say they have found the first Mac malware inadvertently notarized by Apple.
[...] [Patrick Wardle] confirmed that Apple had approved code used by the popular Shlayer malware, which security firm Kaspersky said is the most common threat" that Macs faced in 2019. Shlayer is a kind of adware that intercepts encrypted web traffic - even from HTTPS-enabled sites - and replaces websites and search results with its own ads, making fraudulent ad money for the operators.
Read more of this story at SoylentNews.