Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version.
The flaw is due to the way macOS handles inetloc files that causes it to run commands embedded inside. According to the SSD Secure Disclosure advisory, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any prompts.
An Internet location file is a sort of system bookmark, upon double-clicking one, an online resource or local files (file://) will be opened.
Initially, the flaw was silently addressed by Apple, but Minchan noticed that the IT giant only partially addressed the flaw. However, the expert discovered that it is still possible to exploit the flaw using a different protocol, from file:// to FiLe://, to execute the embedded commands.
“A vulnerability in the way macOS processes inetloc
files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning / prompts.” reads the SSD Secure Disclosure advisory. “Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check.”
The researcher also PoC exploit code for this issue and a video demo:
According to BleepingComputer, at the time of this writing, the PoC code has a detection rate of zero VirusTotal.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, zero-day)
[adrotate banner=”5″]
[adrotate banner=”13″]
Meta plans to train AI on EU user data from May 27 without consent; privacy…
Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise…
Google released emergency security updates to fix a Chrome vulnerability that could lead to full…
Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…
Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…
This website uses cookies.