Hackers subvert MacOS Gatekeeper security to infect systems with malware

I suppose it’s only natural that AV vendors will look for reasons to sell their wares to MacOS users. However, the final comment in the article hints at the best protection, don’t do stupid stuff…:

Security researchers have discovered that hackers have been using a zero-day flaw in macOS’ Gatekeeper to infect Macs with malware. The attempt was to leverage a vulnerability that was publicly disclosed by security researcher Filippo Cavallarin on 24 May, said a blog post by security software company Intego.

Cavallarin’s vulnerability enables an attacker to gain access to systems by tricking them using a symbolic link (or “symlink”—similar to an alias) to an app hosted on an attacker-controlled Network File System (NFS) server, and then creating a .zip archive containing that symlink and getting a victim to download it. The app would not be checked by Apple’s rudimentary XProtect bad-download blocker.

Researchers at Intego said the first known attempts to leverage Cavallarin’s vulnerability, as a test for distributing malware, were detected last week.


“Ensuring users don’t download and attempt to run untrusted applications can go a long way in preventing infections. When we look at the majority of breaches – regardless of the OS – it can be attributed to human error. Therefore, having a better-trained and security-aware workforce can go a long way in thwarting attacks.”

Original article here