Dive Brief:
- Researchers found a bug that lets software evade Apple's notarization process, according to security researcher Cedric Owens in a white paper from Objective-See. macOS versions 10.5 to 11.2 are vulnerable. The update that fixes the bug ships in macOS version 11.3.
- The bug kept the system's security checks from properly vetting downloaded items, so certain malicious actions could run unchecked. The flaw "ultimately results in the misclassification of quarantined items," Objective-See said: malicious material triggers neither an alert nor a block.
- The Shlayer malware has been exploiting the bug as a zero-day since Jan. 9, Jamf researchers confirmed. The current version of Shlayer is built by using a script as the main executable in an application bundle that has no Info.plist file. The script-based application and the missing Info.plist together let the malware bypass Apple's File Quarantine and notarization checks.
Dive Insight:
Apple users have a lot of confidence in the security of their products. In companies using Mac and non-Mac computers, more than three-quarters of users say the Macs are more secure, according to market research from Jamf and Vanson Bourne.
The shift to Apple products in the enterprise is changing the way IT deals with historically Windows-heavy computer support and management.
The quarantine, Gatekeeper and notarization processes are part of what gives Apple products their reputation for hardened security: they block unverified software or documents from downloading if malicious content is detected. Gatekeeper then shows the user a description of the flagged software so the user can "make an informed choice" about completing the download.
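The bundle shape described in the Dive Brief (a script as the main executable, no Info.plist) and the quarantine mechanism described above can be turned into a simple triage check. The following is an added example, not code from Objective-See, Jamf or Apple: it scans a directory for .app bundles, flags the script-without-Info.plist shape, and reads the quarantine attribute where the platform exposes it. The function names, the heuristic itself and the three constructed sample bundles are assumptions for illustration; the com.apple.quarantine attribute is only present on macOS, so elsewhere the scanner reports it as None.

```python
# Added example (not code from Objective-See, Jamf or Apple): a heuristic scan
# for application bundles shaped like the Shlayer sample described in the text,
# i.e. a script used as the bundle's main executable with no Contents/Info.plist.
# The sample bundles below are constructed on the fly so the scan runs offline.
import os
import tempfile
from pathlib import Path

# Attribute browsers set on downloaded files; only meaningful on macOS.
QUARANTINE_XATTR = "com.apple.quarantine"
# Magic bytes at the start of a 64-bit little-endian Mach-O binary.
MACHO_MAGIC_64 = b"\xcf\xfa\xed\xfe"


def quarantine_flag(path: Path):
    """Return the quarantine xattr as text, or None if absent or unsupported."""
    if not hasattr(os, "getxattr"):          # e.g. Windows has no getxattr
        return None
    try:
        return os.getxattr(path, QUARANTINE_XATTR).decode(errors="replace")
    except OSError:                           # attribute not set, or no xattr support
        return None


def is_script(path: Path) -> bool:
    """True when the file starts with a shebang rather than a Mach-O header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False


def inspect_bundle(bundle: Path) -> dict:
    """Classify one .app directory; 'suspicious' marks the script-without-plist shape."""
    contents = bundle / "Contents"
    plist = contents / "Info.plist"
    macos_dir = contents / "MacOS"
    executables = [p for p in macos_dir.iterdir() if p.is_file()] if macos_dir.is_dir() else []
    script_main = any(is_script(p) for p in executables)
    return {
        "bundle": bundle.name,
        "has_info_plist": plist.is_file(),
        "script_main_executable": script_main,
        "quarantine": quarantine_flag(bundle),
        "suspicious": script_main and not plist.is_file(),
    }


def scan(root: Path) -> dict:
    """Inspect every *.app directory under root, keyed by bundle name."""
    return {p.name: inspect_bundle(p) for p in sorted(root.rglob("*.app")) if p.is_dir()}


def make_bundle(root: Path, name: str, main_bytes: bytes, with_plist: bool) -> Path:
    """Build a minimal constructed bundle for exercising the scanner."""
    bundle = root / f"{name}.app"
    macos_dir = bundle / "Contents" / "MacOS"
    macos_dir.mkdir(parents=True)
    exe = macos_dir / name
    exe.write_bytes(main_bytes)
    exe.chmod(0o755)
    if with_plist:
        (bundle / "Contents" / "Info.plist").write_text(
            '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">'
            f"<dict><key>CFBundleExecutable</key><string>{name}</string></dict></plist>\n"
        )
    return bundle


def demo() -> dict:
    """Create three constructed bundles in a temp dir and return the scan results."""
    harmless_script = b"#!/bin/sh\necho hello\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_bundle(root, "Sample", harmless_script, with_plist=False)   # the shape in the text
        make_bundle(root, "Benign", harmless_script, with_plist=True)    # script app, plist present
        make_bundle(root, "Binary", MACHO_MAGIC_64 + b"\0" * 28, with_plist=False)
        return scan(root)


if __name__ == "__main__":
    for name, finding in demo().items():
        print(name, "SUSPICIOUS" if finding["suspicious"] else "ok", finding)
```

Run against a real download location with `scan(Path.home() / "Downloads")`. Only the combination of a shebang-led main executable and a missing Info.plist is flagged, because script-based apps that do carry a plist are a legitimate packaging style; the check is a triage aid for unpatched hosts, not a substitute for the macOS 11.3 fix.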
Shlayer is adware, known since 2018 and present on macOS. Prior versions of the malware were spread using "poisoned search engines," said Jamf.
The Shlayer malware is a formidable foe to macOS, Jamf researchers said. It "continues to reintroduce itself with innovative ways to infect macOS-based systems." While most Mac infections do require human intervention, according to Objective-See, they are still successful operations for the attackers.
The latest macOS bug comes a couple of months after about 30,000 Macs were infected with the Silver Sparrow malware, found by Red Canary using data from Malwarebytes and VMware Carbon Black. The malware had "novelty," as it didn't mimic the typical adware that targets macOS. Silver Sparrow did not have secondary payloads, and there were two versions for Apple's new M1 chips.
Apple's enterprise presence is growing, though it's still finding its footing outside the consumer realm. Between 2019 and 2020, malware detections on Macs decreased 37%, Malwarebytes found.
That was a drop from the record number of detections of adware and potentially unwanted programs (PUPs) in 2019, when they also outpaced similar infections on Windows. Malware represented only 1.5% of total detections in 2020, whereas PUPs represented 76% of detections and adware 22%.