- Researchers found a bug that evades Apple's notarization process, according to security researcher Cedric Owens in a white paper from Objective-See. MacOS versions 10.5 to 11.2 are vulnerable. The new update, which fixes the bug, is available in MacOS version 11.3.
- The software bug did not allow the security protocols to properly vet and prevent certain malicious actions from running. The flaw "ultimately results in the misclassification of quarantined items," Objective-See said. Malicious material does not prompt alerts or blocks.
- The Shlayer malware has been exploiting the bug since Jan. 9 using zero-day malware, Jamf researchers confirmed. The current version of Shlayer is made when an attacker uses a script as the main executable in an application bundle without an "Info.plist file." The script application and missing "Info.plist file" allow the malware to bypass Apple's File Quarantine or notarization.
Apple users have a lot of confidence in the security of their products. In companies using Mac and non-Mac computers, more than three-quarters of users say the Macs are more secure, according to market research from Jamf and Vanson Bourne.
The shift to Apple products in the enterprise is changing the way IT deals with historically Windows-heavy computer support and management.
The quarantine, Gatekeeper and notarization processes are in part what gives Apple products their hardened security reputation; the programs prohibit unverified software or documents from downloading if malicious content is detected. Gatekeeper then provides users a description of a flagged piece of software so the user can "make an informed choice" about completing the download.
Shlayer is an adware, known since 2018 and present on macOS. Prior versions of the malware were spread using "poisoned search engines," said Jamf.
The Shlayer malware is a formidable foe to macOS, Jamf researchers said. It "continues to reintroduce itself with innovative ways to infect macOS-based systems." While most infections on Macs do occur from human intervention, according to Objective-See, they are still successful operations for the attackers.
The latest macOS-related bug comes a couple months after about 30,000 Macs were infected with the Silver Sparrow malware, found by Red Canary, using data from Malwarebytes and VMware Carbon Black. The malware had "novelty," as it didn't mimic the typical adware that targets macOS. Silver Sparrow did not have secondary payloads, there were two versions for Apple's new M1 chips.
Apple's enterprise presence is growing, though it's still finding its footing outside the consumer realm. Between 2019 and 2020, malware detections in Mac decreased 37%, Malwarebytes found.
It was a drop in the record number of detections of adware and potentially unwanted programs (PUPs), which also outpaced similar infections in Windows in 2019. Malware represented only 1.5% of the total detections in 2020, whereas PUPs represented 76% of detections, and adware was 22%.