These files usually contain a web address and can sometimes contain usernames and passwords for secure shell (SSH) and telnet connections. The security flaw stems from how macOS processes Internet Location (INETLOC) files, which are used as shortcuts to open up various internet locations, like RSS feeds or telnet locations. Park Minchan, an independent researcher who was credited with the discovery of the security loophole, commented that the mail application isn’t the only possible attack vector, but that the vulnerability could be exploited using any program that could attach and execute files, naming iMessage and Microsoft Office as viable examples. “A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user,” reads the blog by SSD Secure Disclosure about the bug. The security loophole affects all versions of the macOS Big Sur operating system and older systems. Researchers have uncovered a flaw in Apple’s macOS Finder system that could allow remote threat actors to dupe unsuspecting users into running arbitrary commands on their devices. While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
0 Comments
Leave a Reply. |