Docker Desktop blocked on Macs due to false malware alert

Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate.

The first reports of the malware alerts surfaced on January 7, 2025, when macOS users received an unexpected 'Malware Blocked' message preventing them from opening the Docker containers management app.

"Malware Blocked. "com.docker.vmnetd" was not opened because it contains malware. This action did not harm your Mac," reads the alert on Macs.

False malware warning
​​​​​​Source: ​GitHub

The vendor clarified that the warnings are false and users should disregard them. However, manual action needs to be taken to resolve the operational problems, which, as of writing, remain ongoing.

"We want to inform you about a new issue affecting Docker Desktop for some macOS users. This causes Docker Desktop to not start," explained Docker in a GitHub issue.

"Some users may also have received malware warnings. Those warnings are inaccurate."

The root cause of these inaccurate malware messages is an incorrect code-signing signature used on some files in existing installations, likely causing a failure in file integrity checks.

Docker's service status page
Source: Docker

How to fix

As Docker is still investigating the incident, it has provided the following ways to resolve the malware warning problems:

Upgrade Docker Desktop to version 4.37.2, which includes a permanent fix. The update can be downloaded manually or applied from the in-app updater tool.

Apply patches for older versions, 4.32 through 4.36, by choosing the correct release from here. Docker versions 4.28 and earlier are not impacted by this problem.

Follow the resolution steps provided in this guide if the malware warnings still pop up after updating/patching.

IT administrators can use this script to resolve the problem for all users/developers, provided that Docker Desktop has been upgraded to version 4.37.2 or patches have been applied on older versions.

Manually solving the problem is also possible for administrators. This requires stopping Docker, vmetd, and the socket services, removing the vmnetd and socket binary, and installing new binaries that should have the appropriate signatures. Finally, restart the Docker Desktop app.

For complete details on the available solutions and their application, Docker has published a document here.

As of writing, Docker's status page still indicates a partial service disruption on client machines due to this issue, and the effectiveness of the released patches is currently being evaluated.