Mac security researchers have discovered a new malware program designed specifically to exploit a recently disclosed zero-day bypass vulnerability in macOS Gatekeeper, which has yet to be patched.

Dubbed OSX/Linker, the malware appears to be crafted by the same developers behind OSX/Surfbuyer, an adware program that also targets Mac users, according to Joshua Long, chief security analyst at Intego, in a June 24 company blog post.

Gatekeeper is a macOS feature that enforces code signing and verifies downloaded applications before they are allowed to run. However, on May 24 independent researcher Filippo Cavallarin publicly disclosed that attackers could sneak malicious apps past Gatekeeper's protections by hosting those apps on an attacker-controlled Network File System (NFS) server, creating a symbolic link (symlink) to the app, and then fooling prospective victims into downloading a .zip archive containing that symlink.
