macOS has critical flaw that allows attackers to execute code

A new zero-day vulnerability (a critical hole that had not been detected at launch) has been found in all macOS versions, including the most recent one, Big Sur.


The flaw, found by security researcher Park Minchan, stems from the way macOS processes internet location files (.inetloc): code that intruders embed in these files can run without any warning or permission prompt. Minchan shared the finding with researchers from the SSD Secure Disclosure program.

Normally, .inetloc files act as shortcuts to web pages: opening one opens the page in the Mac's default browser. With this vulnerability, however, a file with this extension can point to a “file://” location instead of a website, which allows arbitrary code to be executed.


This flaw could potentially be used by intruders to run malicious programs without computer users noticing, allowing the criminal to monitor the machine and steal data from it.

BleepingComputer has tested a proof-of-concept demonstration of the flaw. With this, the portal team confirmed that the vulnerability could be used to execute arbitrary code in macOS Big Sur, and that the online file analysis service VirusTotal cannot identify the danger present in the documents used to execute the bug.

Apple has already been warned that the flaw persists

The SSD Secure Disclosure website has a proof-of-concept demonstration of the vulnerability. (Image: Screenshot/Dácio Augustus)

Apple, without fanfare, has already fixed part of the vulnerability even before it was discovered by researchers. The most recent versions of macOS, starting with Big Sur, block the file:// prefix in the Finder, the system's file manager. However, this only fixes part of the flaw: if the prefix is written with a capital letter, “File://”, or with two “L”s, “flle://”, the fix does not detect it, and the commands are still executed.

The researchers claim to have already warned Apple about the variations that get past the block introduced in Big Sur. However, the company had not responded by the time this article was published.
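
The partial fix described above fails because it matches only one exact spelling of the prefix. As an added example (not code from Apple, the researchers or the original article), the Python sketch below contrasts that kind of case-sensitive block-list with an allow-list check over .inetloc files. It assumes the files are property lists with a `URL` key; the function names, sample files and paths are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Allow-list: the only schemes a web shortcut needs. Anything else is flagged.
ALLOWED_SCHEMES = {"http", "https"}


def naive_blocklist_flags(url: str) -> bool:
    """Case-sensitive prefix match, modelled on the behaviour the article
    describes (an assumption for illustration, not Apple's code)."""
    return url.startswith("file://")


def inspect_inetloc(data: bytes) -> dict:
    """Parse one .inetloc body and report whether its URL leaves the allow-list."""
    try:
        doc = plistlib.loads(data)
    except Exception:  # malformed plist: treat as suspicious rather than skip
        return {"url": None, "scheme": "", "suspicious": True}
    url = doc.get("URL") if isinstance(doc, dict) else None
    if not isinstance(url, str):
        return {"url": None, "scheme": "", "suspicious": True}
    # urlsplit lower-cases the scheme, so "File" and "file" compare equal.
    scheme = urlsplit(url.strip()).scheme.lower()
    return {"url": url, "scheme": scheme,
            "suspicious": scheme not in ALLOWED_SCHEMES}


def make_sample(url: str) -> bytes:
    """Build a constructed .inetloc body (XML plist with a URL key)."""
    return plistlib.dumps({"URL": url})


# Constructed sample URLs; the paths are placeholders.
SAMPLES = [
    "https://example.com/",
    "file:///placeholder/path",
    "File:///placeholder/path",
    "flle:///placeholder/path",
]


def compare() -> list:
    """Return (url, naive_flag, allowlist_flag) for every constructed sample."""
    return [(u, naive_blocklist_flags(u),
             inspect_inetloc(make_sample(u))["suspicious"]) for u in SAMPLES]


if __name__ == "__main__":
    for url, naive, strict in compare():
        print(f"{url:28} naive={naive!s:5} allowlist={strict}")
```

The allow-list flags every sample except the https shortcut, while the case-sensitive prefix match catches only the lower-case “file://” spelling.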

More details about the vulnerability, as well as a proof-of-concept demonstration, are available here.

Source: BleepingComputer, SSD Secure Disclosure
