Researchers at security firm Intego have discovered a piece of Mac malware, OSX/Linker, that attempts to exploit a recently disclosed zero-day flaw in the macOS Gatekeeper security feature.
The firm also flags another Mac threat, OSX/CrescentCore, a next-generation fake Flash Player malware redesigned to evade antivirus detection.
Publicly disclosed by Filippo Cavallarin in May 2019, the "Mac OS X Gatekeeper Bypass" is a vulnerability in Gatekeeper, the macOS component that checks apps downloaded from the internet for either a revoked developer signature or known malware. According to Cavallarin, macOS treats apps loaded from a network share differently from apps downloaded from the internet. An attacker can therefore create a symbolic link (a "symlink") to an app hosted on a Network File System (NFS) server, package that symlink in a .zip archive, and get the victim to download the archive. Apple's XProtect bad-download blocker does not check an app reached this way, Cavallarin says, making it easier for malware to infect the Mac in question.
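One defensive check the description above suggests is to inspect a downloaded archive for symlink entries before extracting it, since the bypass depends on the victim unpacking a symlink that resolves to a network share. The following is an added example, not code from Intego or Cavallarin; it assumes the archive is a Unix-style zip whose symlink mode bits are stored in `external_attr`, and it treats `/net/` (the macOS automounter path) and `/Volumes/` as network-share prefixes.

```python
import io
import stat
import zipfile

# Assumption: on macOS, absolute targets under these prefixes resolve to
# automounted or manually mounted network shares (NFS, SMB, ...).
NETWORK_PREFIXES = ("/net/", "/Volumes/")


def zip_symlinks(data: bytes):
    """Return (member_name, target) for every symlink entry in a zip blob."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix mode bits stored by Info-ZIP
            if stat.S_ISLNK(mode):
                # For a symlink entry the member's data is the link target.
                target = zf.read(info).decode("utf-8", "replace")
                results.append((info.filename, target))
    return results


def suspicious_symlinks(data: bytes):
    """Symlinks whose target is an absolute path onto a network mount."""
    return [(name, target) for name, target in zip_symlinks(data)
            if target.startswith(NETWORK_PREFIXES)]


def build_sample_zip(link_name: str, target: str) -> bytes:
    """Constructed fixture: a zip holding one symlink entry plus a plain file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(link_name)
        info.create_system = 3  # 3 = Unix, so external_attr carries mode bits
        info.external_attr = (stat.S_IFLNK | 0o755) << 16
        zf.writestr(info, target)
        zf.writestr("readme.txt", "normal file")
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder host name; not a real indicator.
    sample = build_sample_zip("Installer.app", "/net/example-host/share/App.app")
    for name, target in suspicious_symlinks(sample):
        print(f"archive member {name!r} is a symlink to network path {target!r}")
```

A scanner like this belongs in the download or mail-gateway path, where flagging an archive is cheap; it does not replace Gatekeeper or XProtect checks on the resolved app itself.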