Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters
2021-09-22 23:07

Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.

A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder - which provides a visual interface for interacting with files - is vulnerable to documents with the.

When The Register tested the PoC file, it executed without any warning.

Nonetheless, macOS sees such files as Internet locations.

Apple's engineers evidently failed to consider upper- and lowercase variations, so alternative renditions of the file handler such as File:// or fIle:// still bypass the check.
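To illustrate the bug class described above rather than Apple's own code (this is an added example, not from the article or from Apple), here is a case-sensitive prefix check of the kind the advisory describes beside a hardened check that extracts the URL scheme and compares it case-insensitively, as RFC 3986 requires; the sample URL strings are constructed, with only the File:// and fIle:// casings taken from the article.

```python
import re
from typing import Dict, Optional, Tuple

# RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":",
# and schemes are case-insensitive. Anchored at the start of the stripped string.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")


def url_scheme(url: str) -> Optional[str]:
    """Return the URL's scheme normalised to lowercase, or None if it has none."""
    m = _SCHEME_RE.match(url.strip())
    return m.group(1).lower() if m else None


def naive_is_blocked(url: str) -> bool:
    """Case-sensitive prefix test: the bypassable pattern the advisory describes."""
    return url.startswith("file://")


def hardened_is_blocked(url: str, blocked: Tuple[str, ...] = ("file",)) -> bool:
    """Compare the normalised scheme against a blocklist, so neither letter case
    nor the optional '//' authority part lets a local-file URL slip through."""
    return url_scheme(url) in blocked


# Constructed sample values as the "URL" key of an .inetloc file might hold them,
# mapped to whether a correct filter should block them.
SAMPLE_URLS: Dict[str, bool] = {
    "https://example.com/page": False,
    "file:///Users/me/Documents/note.txt": True,
    "File:///Users/me/Documents/note.txt": True,   # casing named in the article
    "fIle:///Users/me/Documents/note.txt": True,   # casing named in the article
    "FILE:///Users/me/Documents/note.txt": True,
    "  file:/Users/me/Documents/note.txt": True,   # no '//' and leading whitespace
}


def compare_filters() -> Dict[str, Tuple[bool, bool]]:
    """Map each sample URL to (naive verdict, hardened verdict)."""
    return {u: (naive_is_blocked(u), hardened_is_blocked(u)) for u in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (naive, hardened) in compare_filters().items():
        print(f"{url!r:45} naive={naive!s:5} hardened={hardened}")
```

Only the first sample is blocked by the naive check; the hardened check blocks every file-scheme variant and nothing else.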

The Register asked Apple for comment knowing it's futile to do so.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/22/macos_rce_flaw/
