Discovered a new zero-day vulnerability on macOS that allows attackers to run commands remotely
An international team of security researchers has publicly disclosed a new vulnerability that exists in Apple's macOS Finder.
This is essentially a high-severity zero-day vulnerability that could allow an attacker to execute arbitrary commands on a target Mac, regardless of the version of macOS in use.
This vulnerability was first found by a team of independent security researchers led by cybersecurity expert Park Minchan. The problem stems from the way macOS handles inetloc files, which inadvertently causes the system to automatically run any commands embedded inside by the attacker without being able to issue any warnings or prompts. for users.
On macOS, Internet location files with the .inetloc extension are system-wide storage of bookmark data, and can be used to open online resources (news://, ftp://) , afp://) or local files (file://).
"A vulnerability in macOS Finder allows files with the inetloc extension to execute arbitrary commands. These files could be embedded inside malicious email messages that, if clicked by the user, would immediately execute the commands specified. embedded inside without giving any prompts or warnings to the user'.
For its part, Apple seems to be aware of the problem and is quietly fixing it without specifying a CVE identifier. The Park Minchan team and colleagues also discovered that Apple's patch only partially addresses the vulnerability, as it can still be exploited by changing the protocol used to execute embed commands from the file. :// to File://.
"We have informed Apple that FiLe:// (value change only) does not appear to be blocked, but have not received any response from them so far. As far as we know, currently Currently, this vulnerability has not really been patched."
The team has not provided any specific information on how attackers can abuse this vulnerability. However, in theory, it is entirely possible to be used by threat actors to create malicious email attachments that can launch an accompanying or remote payload when accessed by the victim.
Initial field tests have confirmed that this vulnerability can be used to run arbitrary commands on macOS Big Sur, using specially crafted files downloaded from the Internet without any any prompts or warnings.
A .inetloc file with PoC code also went undetected by any anti-malware engine on VirusTotal. That means macOS users targeted by threat actors using this attack method will not be protected by security software.
Hopefully Apple will soon implement more thorough measures to fix the problem in the near future
You should read it
- Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks
- Immediately patch CWP vulnerability that allows code execution as root on Linux servers
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
- VMware patches RCE Spring4Shell vulnerability on a wide range of products
- ProFTPD remote code execution vulnerability affects more than 1 million servers worldwide
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- Update your Macbook now to avoid this major security bug
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement cases
- Adobe Flash Player has a serious zero-day vulnerability
- Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Warning: Vulnerability in Windows' HTTP Protocol Stack attacks remote code execution, no authentication required
Maybe you are interested
Microsoft tests a Start menu interface similar to iOS GTA 6 will be released in fall 2025 The new default Office font is now available on Microsoft 365, with many notable additions Should water basins be placed in air-conditioned rooms? Fastest star in the Milky Way, speed 8,226,967 km/h Ways technology can keep you safe and healthy on the go