Security News > 2021 > September > Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
For those not in the Apple camp, the macOS Finder is the default file manager and GUI front-end used on all Macintosh operating systems.
It's the first thing users see upon booting, and it governs the launching of other applications and the overall user management of files, disks and network volumes.
Inetloc files are Apple-specific, and function as shortcuts to internet locations, such as an RSS feed or a telnet location; or they can be used to open documents locally on someone's Mac within a browser using the "File://" format.
Inetloc files can be specially crafted to contain embedded commands.
The crafted files can then be attached to malicious emails, researchers added - and if users are socially engineered into clicking on them, those commands embedded inside automatically execute in stealth mode, with no alert or prompt given to victims.
"A vulnerability in the way macOS processes.Inetloc files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning/prompts," according to the advisory.
News URL
https://threatpost.com/unpatched-apple-zero-day-code-execution/174915/
Related news
- Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) (source)
- CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability (source)
- Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)