Because Gatekeeper considers network shares to be “safe” locations that do not require permission, all a malicious guest has to do is convince the user to open the malicious application they want. A maliciously crafted ZIP file with a correct symbolic link can automatically redirect the user to a website owned by the attacker, and it will then be easy to convince the user to launch this malware disguised as a document.
In theory, the issue should have been fixed by now. Cavallarin said that he reported the vulnerability to Apple on February 22, and that it should be resolved with macOS 10.14. Saying that this was not done and Apple stopped responding to their emails, Cavallarin published the news after giving Apple 90 days to resolve the issue.
If you are a long-time computer user, you are not likely to be accidentally exposed to a virus when you need to open a ZIP file and the contents of a network share. However, this can have dire consequences for people unfamiliar with remote shares and the risk of unwanted viruses.