November 10, 2024

OSX / Linker malware uses workaround bug in macOS X Gatekeeper

Gatekeeper #Gatekeeper

SC Media> Home> Security News> Malware> New OSX / Linker Malware Created to Exploit MacOS X Gatekeeper Bypass Bug

Mac researchers have discovered a new malware program specifically designed to exploit a recently disclosed zero-day bypass vulnerability in macOS X Gatekeeper, which has yet to be patched.

The malware is called OSX / Linker and appears to have been created by the same developers behind OSX / Surfbuyer, an adware program that also targets Mac users, according to Joshua Long, chief security analyst at Intego in a June 24 company. blog post.

Gatekeeper is a feature that enforces code signing and verifies downloaded applications before running on a system. However, on May 24, independent researcher Filippo Cavallarin publicly announced that actors could sneak malicious apps past Gatekeeper’s protection by hosting them on an attacker-controlled Network File System (NFS) server and then using a symbolic link (aka symlink) to that app, then fool potential victims by downloading a .zip archive containing that symlink.

Register to continue.

Already registered? Log in.

Once you have registered, you will receive:

  • News analysis

    The context and insight you need to stay on top of the most important developments in cybersecurity. CISO and practice perspectives; strategy and tactics; solutions and innovation; policies and regulations.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news for you to use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with helpful calendar reminders and the ability to earn CISSP credits.

  • Subjects:

    Vulnerability management with malware

    Read more?

    Please login or register first to view this content.

    Login Register

    Open

    Next post in Malware

    Close to

    Via: www.scmagazine.com

    Don’t Go Read more:

    Compsmag is supported by its audience. When you buy through links on our website, we may earn an affiliate commission fee. Learn more

    Leave a Reply