Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
Quote:A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it.
For those not in the Apple camp, the macOS Finder is the default file manager and GUI front-end used on all Macintosh operating systems. It’s the first thing users see upon booting, and it governs the launching of other applications and the overall user management of files, disks and network volumes. It’s the overlord application for everything else on the Mac, in other words.
According to an SSD Secure Disclosure advisory this week, the vulnerability exists in the way macOS Finder handles .Inetloc files. Inetloc files are Apple-specific, and function as shortcuts to internet locations, such as an RSS feed or a telnet location; or they can be used to open documents locally on someone’s Mac within a browser using the “file://” format (in place of http://). It’s the latter function that’s at issue with the zero day, researchers said.
In an exploit scenario for the bug, the .Inetloc files can be specially crafted to contain embedded commands. The crafted files can then be attached to (or linked in) malicious emails, researchers added – and if users are socially engineered into clicking on them, those commands embedded inside automatically execute in stealth mode, with no alert or prompt given to victims.
“A vulnerability in the way macOS processes .Inetloc files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning/prompts,” according to the advisory.

Read more: Unpatched Apple Zero-Day Allows Code Execution | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096

Forum Jump:

Users browsing this thread: 1 Guest(s)
You have to register before you can post on our site.



Recent Posts
Manjaro Linux 24.0.1 Build 240529
Manjaro Linux 24.0...harlan4096 — 09:09
Thunderbird Supernova 115.11.1
Thunderbird Supern...harlan4096 — 09:08
Windows Repair Toolbox
An updated version...harlan4096 — 09:06
AV-TEST - Windows 11 & MacOS Packages pu...
AV-TEST - The best...harlan4096 — 09:04
DirectSR (Super Resolution) now availabl...
“Super Resolution”...harlan4096 — 09:02

Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

Online Staff
There are no staff members currently online.