Mac researchers have discovered a new malware program designed to specifically exploit a recently disclosed zero-day bypass vulnerability in macOS X Gatekeeper, which has still yet to be patched.
Dubbed OSX/Linker, the malware appears to be crafted by the same developers behind OSX/Surfbuyer, an adware program that also targets Mac users, according to Joshua Long, chief security analyst at Intego in a June 24 company blog post.
Gatekeeper is a feature that enforces code signing and verifies downloaded applications prior to them running on a system. However, on May 24 independent researcher Filippo Cavallarin publicly disclosed that actors could sneak malicious apps past Gatekeeper's protections by hosting these apps on an attacker-controlled Network File System (NFS) server, then creating a symbolic link (aka symlink) to that app, and then fooling prospective victims into downloading a .zip archive containing that symlink.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.
