Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters
Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.
A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder - which provides a visual interface for interacting with files - is vulnerable to documents with the.
When The Register tested the PoC file, it executed without any warning.
Nonetheless, macOS sees such files as Internet locations.
Apple's engineers evidently failed to consider upper and lower case variations, so alternative renditions of the file handler like File:// or fIle:// still bypass the check.
The Register asked Apple for comment knowing it's futile to do so.
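The case-sensitivity gap described above, as an added example (not Apple's code and not from the advisory): a case-sensitive `file://` prefix check beside a check that normalizes the scheme and applies an allowlist. The function names, the allowlist contents and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only schemes an Internet-location shortcut should open.
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Case-sensitive blocklist: a model of the flawed pattern the article describes."""
    return url.startswith("file://")


def normalized_scheme(url: str) -> str:
    """Return the scheme lower-cased; RFC 3986 defines schemes as case-insensitive."""
    return urlsplit(url.strip()).scheme.lower()


def hardened_is_blocked(url: str) -> bool:
    """Allowlist on the normalized scheme; every other scheme is refused."""
    return normalized_scheme(url) not in ALLOWED_SCHEMES


# Constructed sample targets (hypothetical paths, not taken from the advisory).
SAMPLES = [
    "file:///tmp/example.txt",
    "File:///tmp/example.txt",
    "fIle:///tmp/example.txt",
    "https://example.com/",
    "HTTPS://example.com/",
]


def compare(samples):
    """Return (url, naive_blocked, hardened_blocked) for each sample."""
    return [(u, naive_is_blocked(u), hardened_is_blocked(u)) for u in samples]


if __name__ == "__main__":
    for url, naive, hardened in compare(SAMPLES):
        print(f"{url:28} naive_blocked={naive!s:5} hardened_blocked={hardened}")
```

The allowlist also refuses schemes the blocklist author never thought of, which a corrected case-insensitive blocklist would still let through.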
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/22/macos_rce_flaw/