Security News > 2021 > September > Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters
Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.
A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder - which provides a visual interface for interacting with files - is vulnerable to documents with the.
When The Register tested the PoC file, it executed without any warning.
Nonetheless macOS sees such files as Internet locations.
Apple's engineers evidently failed to consider upper and lower case variations, so alternative renditions of the file handler like File:// or fIle:// still bypass the check.
The Register asked Apple for comment knowing it's futile to do so.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/22/macos_rce_flaw/
Related news
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Asus lets processor security fix slip out early, AMD confirms patch in progress (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)