Apple's Notarization Process Repeatedly Approved Malware for Mac

[Amazing Iceman]

Different issue altogether. The claim is it's somehow Adobe's fault, when Adobe had nothing to do with it.

I should have rephrased my comment. It’s definitely not Adobe’s fault.
Users should be careful when selecting a download source.
But going back to the root of the problem, it is Apple’s fault for letting something like that pass through their screening process.

 

[ambientdaw]

Yet another reason to run anti-Malware/anti-Virus software on macOS. I certainly do.

Which? and what are all the downsides of having that running all the time?

 

[topdrawer]

i've considered bundling my mac games in a flash installer to get people to play them.

 

[mi7chy]

You get what you pay for. Increase fees from 30% to 50% if you want better security.

 

[Realityck]

You get what you pay for. Increase fees from 30% to 50% if you want better security.

This has nothing to do with Apple App Store. It just a example of untrusted sites throwing up fake Adobe flash installs. Nothing new here at all.
From TechCrunch

Peter Dantini, working with Patrick Wardle, a well-known Mac security researcher, found a malware campaign disguised as an Adobe Flash installer. These campaigns are common and have been around for years — even if Flash is rarely used these days — and most run unnotarized code, which Macs block immediately when opened.

 

[Realityck]

Yet another reason to run anti-Malware/anti-Virus software on macOS. I certainly do.

There is very little value with running malware scans of MacOS. Seriously read articles like this one and remember not to install things you never requested off the internet.

 

[mi7chy]

This has nothing to do with Apple App Store.

Subsidized by Apple App Store fees.

 

[Apple_Robert]

Even though Apple’s record isn’t perfect, they are still leading the way to better security, in my opinion. I am happy to stay inside the orchard.

 

[Expos of 1969]

Even though Apple’s record isn’t perfect, they are still leading the way to better security, in my opinion. I am happy to stay inside the orchard.

Very limited selection in that orchard. Apples....apples....and apples. And some of them are rotting.....

 

[trusso]

Sounds like something that could have been avoided with a phone call from Cupertino to San Jose (Adobe’s HQ). Hell, they could even walk there.

This sort of thing is kind of telling, actually. What type of environment does Apple have their review team working in, that they don’t feel they can do the necessary legwork to actually earn Apple’s 30% cut? I blame management.

It’s not news to those who exercise their critical thinking faculties, but “something is rotten in the state of Denmark.”

 

[Realityck]

Any way to detect if you have either of these pieces of malware on your computer? I run Malwarebytes on my computer but I am sure it is not 100% effective.

I really wouldn't worry. I haven't had any incidents since MacOS X was originally released.

 

[C DM]

Sounds like something that could have been avoided with a phone call from Cupertino to San Jose (Adobe’s HQ). Hell, they could even walk there.

Not sure what the call would be about if Adobe isn't involved.

 

[C DM]

There is very little value with running malware scans of MacOS. Seriously read articles like this one and remember not to install things you never requested off the internet.

Well, the value for some can be that they don't really always remember or know or realize and might potentially install something at some point.

 

[Apple_Robert]

Very limited selection in that orchard. Apples....apples....and apples. And some of them are rotting.....

As long as they are Granny Smith, I don’t mind.

 

[trusso]

Not sure what the call would be about if Adobe isn't involved.

Simply verifying that one of the largest software companies on earth is actually the one submitting the app?

 

[Expos of 1969]

As long as they are Granny Smith, I don’t mind.

Oh, often sour

 

[tdiaz]

Talk about an Epic Failure.

 

[centauratlas]

Fake Adobe Flash installers are usually on sites that one shouldn’t be looking at.

It is funny, I clicked the third link in a google search just 30 minutes ago (not for porn lol) and it redirected several times and then said I "needed to update Flash". Needless to say I closed the window.

 

[RAWvJPG]

Yeah, those jerks at Adobe just love it when completely separate entities develop malware disguised as their genuine software!

What, Adobe Flash was "genuine software"? When, at what point in history? In my mind it got stuck as a security vulnerability disguised as genuine software.

But nowadays, when it comes to Adobe software users should immediately become suspicious if the installer doesn't force a subscription plan on you. If it doesn't it must be malware.

 

[Realityck]

It is funny, I clicked the third link in a google search just 30 minutes ago (not for porn lol) and it redirected several times and then said I "needed to update Flash". Needless to say I closed the window.

I find that an innocent computer user can locate one of these sites by looking for a popular topic via google search that is very recent, say in the last hour.

I sincerely hope everyone that is reading this forum has already removed Adobe Flash from their system as it is EOL, and no longer needed for anything.

Probably 5 years from now there will still be those same web sites still hitting you with Flash installs.

 

[Wowfunhappy]

What, Adobe Flash was "genuine software"? When, at what point in history? In my mind it got stuck as a security vulnerability disguised as genuine software.

Lots of wonderful games were written in Flash. It's in fact how many developers initially got started, often as children.

Flash provided an easy way to make content that ran everywhere, and while it was considered bloated on the computers of its day, Flash software is significantly more lightweight than many of today's web apps (e.g. Slack), it's just that now computers are faster.

 

[justperry]

Anyone recommend a good solution for finding this types of things and removing them? I'm unsure where to start for virus removal

There is no OS X/macOS virus, until now there hasn't been a virus for these OS's.

Learn what a virus is.

 

[Wowfunhappy]

There is no OS X/macOS virus, until now there hasn't been a virus for these OS's.

This is absolutely not true, and somewhat dangerous. There are plenty of Mac viruses.

 

[justperry]

This is absolutely not true, and somewhat dangerous. There are plenty of Mac viruses.

Nope, there's plenty of Malware/Adware, not viruses, there are NO viruses for OS X/macOs.

Look up the definition of a virus.

Just a hint, a virus replicates itself and spreads to other computers.

Edit1: Another hint, a virus installs itself without User action.

Edit2: I searched for quite a while, I found just 1 claiming to be a virus, it was from 2006, fact is, it wasn't a virus, you had to interact with the downloaded file, unpack the zip and double-click the unpacked file, it was a trojan, not a virus.

(@KALLT)

 

[Manzanito]

Proof that their notorization is worthless. But it sounds good on paper.

Not a proof of that at all. We don’t know how many apps with malware they’ve detected and blocked, do we?

No antivirus provides 100% security.