Whoa! Apple's vaunted security system let malware through

Apple has always held up the security of its app ecosystem as the standard to aspire to. The company’s rigorous process to ensure that apps which could harm your device and your privacy do not make it to the App store is one of the reasons it cites for disallowing app downloads from any other platform. And also the reason Apple says it is justified in charging a 30 per cent commission on all revenues made on downloading apps and through in-app purchases — something developers, most recently Epic Games, has protested about.

Yet, security researchers have found that a malware was inadvertently passed through Apple’s ‘security scanners’ to run on Mac systems, TechCrunch reported.

The malware was masquerading as an Adobe Flash Installer, researcher Patrick Wardle was quoted as saying by TechCrunch.

“As far as I know, this is a first,” Wardle wrote in a blog post, shared with TechCrunch.

The code of widely used malware ‘Shlayer’, which according to cybersecurity firm Kaspersky was the most common threat Apple Macs faced in 2019, was mistakenly approved to run. This kind of malware replaces genuine websites and search results with its own ads, thereby siphoning off the intended recipient’s ad revenue, the report said.

After Wardle alerted Apple to the serious slip-up, the company revoked the go-ahead given to the malicious code. However, the hackers were able to breach Apple’s security systems again with a fresh code.