
Zero-day macOS bug triggers remote code execution vulnerability

A zero-day bug in Apple’s macOS Finder makes it possible for attackers to run arbitrary commands on any Mac running macOS Big Sur or earlier.

The bug was discovered by independent security researcher Park Minchan and stems from the way macOS processes .inetloc files: commands an attacker embeds in such a file are executed without any warning or prompt to the user.

Minchan reported the vulnerability to the SSD Secure Disclosure Program, which in turn notified Apple. SSD also covered the vulnerability in a report published Tuesday, along with a video demo and proof-of-concept code. The bug has not yet been assigned a CVE identifier.



Apple quashes the bug silently

Since being notified of the issue, Apple has silently fixed the problem without assigning it a CVE number. The patch, however, only partially addresses the fault: an attacker can still exploit it by changing the URL scheme used to execute the embedded commands from file:// to FiLe://.

The researchers have notified Apple that it’s still possible to exploit the bug by modifying the value, but they haven’t received a response from the company. For all intents and purposes, the vulnerability is still as good as unpatched.

The patch works by blocking the file:// prefix, but the comparison is case-sensitive, so the researchers were able to bypass the check simply by changing the case of the scheme (FiLe://). The advisory does not describe how attackers might abuse the bug in the wild, but it could be used to craft malicious email attachments that launch bundled commands or payloads when opened by the target. 
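The failure mode described above, a case-sensitive deny-list defeated by FiLe://, as an added example that is not code from the advisory, from Apple, or from the researchers. It assumes the common .inetloc layout of an XML property list whose "URL" key holds the location; the sample file, the Calculator.app path, and the function names are constructed for this illustration. URL schemes are case-insensitive by specification (RFC 3986, section 3.1), so the hardened check parses the scheme and normalises it before comparing.

```python
"""Case-sensitive vs. normalised scheme checks for .inetloc-style URLs.

Added example, not the advisory's or Apple's code. It shows why a deny-list
that compares the raw URL prefix with a case-sensitive string test is
bypassed by changing the case of the scheme (file:// -> FiLe://), and how
a check that parses and lower-cases the scheme closes that gap.
"""
import plistlib
from urllib.parse import urlsplit

# Constructed sample .inetloc body (assumed layout: a property list whose
# "URL" key holds the location). The mixed-case scheme is the bypass.
SAMPLE_INETLOC = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>URL</key>
    <string>FiLe:///Applications/Calculator.app</string>
</dict>
</plist>
"""

# Schemes that should never be launched from an internet-location file.
BLOCKED_SCHEMES = {"file"}


def extract_url(inetloc_bytes: bytes) -> str:
    """Return the URL stored under the "URL" key of an .inetloc plist."""
    plist = plistlib.loads(inetloc_bytes)
    return plist["URL"]


def naive_is_blocked(url: str) -> bool:
    """The flawed check: a case-sensitive prefix comparison.

    Blocks 'file://' but lets 'FiLe://', 'FILE://' and friends through.
    """
    return url.startswith("file://")


def hardened_is_blocked(url: str) -> bool:
    """Parse the scheme, lower-case it, and compare against the deny-list.

    urlsplit() only accepts RFC 3986 scheme characters, so percent-encoding
    or whitespace tricks do not produce a 'file' scheme that slips past.
    """
    scheme = urlsplit(url).scheme.lower()
    return scheme in BLOCKED_SCHEMES


def evaluate(inetloc_bytes: bytes) -> dict:
    """Run both checks over one .inetloc body and report the outcome."""
    url = extract_url(inetloc_bytes)
    return {
        "url": url,
        "naive_blocked": naive_is_blocked(url),
        "hardened_blocked": hardened_is_blocked(url),
    }


if __name__ == "__main__":
    # Expected: naive check passes the file, hardened check blocks it.
    for key, value in evaluate(SAMPLE_INETLOC).items():
        print(f"{key}: {value}")
```

The hardened check is what a practitioner would want in any URL-handler filter: never compare a raw prefix, parse the scheme and normalise its case first.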

As reported by BleepingComputer, the proof-of-concept code from the advisory was not detected by any antimalware engine on VirusTotal. This is a concern because macOS users who may already have been targeted will not be protected by their security software. 
