It looks like some libraries are using relative paths (ex: ../../../../bin/iPhone/Ad-Hoc) to store .dSYM files in .zip files. In my personal case, McAfee is complaining about ZipSlip trojans because SkiaSharp is storing its .dSYM.zip in the iPhone Ad-Hoc folder using a relative path. Once McAfee spots it, the file gets deleted and the build fails. I can currently bypass this by adding "--dsym=false" to the additional mtouch arguments in iOS build settings, but that's not a permanent fix because I lose out on symbolic crash reports.
Is this something that anyone else is aware of? I'm sure it's been going on for a while but now that McAfee is complaining about it kind of puts my job at a halt..