Cybersecurity researcher Park Minchan on Tuesday disclosed details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on their machines.
Summary
A vulnerability in macOS Finder permits files with the inetloc extension to carry out arbitrary commands. These files can be embedded inside emails, and if the user clicks on them, they execute the embedded commands without presenting a prompt or warning to the user.
How it works
The flaw arises from the way macOS processes INETLOC files, which are shortcuts that open internet locations such as RSS feeds, Telnet connections, or other online resources and local files. This results in a scenario in which commands embedded in those files are executed without any warning.
Research group Secure Disclosure (SSD) observed that in this case the INETLOC file refers to the file:// protocol, which allows running files stored locally (on the user's computer). It was also stated that if the INETLOC file is attached to an email, clicking on the attachment will trigger the vulnerability without warning.
For more information on this vulnerability, kindly follow this URL:
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
Remediation
Currently, there is no detailed patch available for this kind of vulnerability. However, the researchers from SSD recommend the following:
Install newer versions of macOS.
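As an added example (not from SSD or the original article), the following attachment-triage check parses an .inetloc file and blocks it unless every target URL uses an allow-listed scheme, so a file:// target is rejected. It assumes the shortcut is a property list with its target under a URL key; the allow-list, the function names and the sample builder are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Schemes a genuine internet-location shortcut plausibly needs.
# This allow-list is an assumption of the example; tune it per environment.
ALLOWED_SCHEMES = {"http", "https", "ftp", "feed", "telnet", "ssh", "afp", "smb", "vnc"}


def inetloc_urls(data: bytes) -> list[str]:
    """Return every string stored under a 'URL' key in a plist (XML or binary)."""
    found = []

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "URL" and isinstance(value, str):
                    found.append(value)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(plistlib.loads(data))
    return found


def triage_inetloc(data: bytes) -> tuple[str, str]:
    """Classify an attachment as ('allow' | 'block', reason); fails closed."""
    try:
        urls = inetloc_urls(data)
    except Exception:
        return "block", "not a parseable property list"
    if not urls:
        return "block", "no URL key found"
    for url in urls:
        try:
            # URL schemes are case-insensitive (RFC 3986): normalise before comparing.
            scheme = urlsplit(url.strip()).scheme.lower()
        except ValueError:
            scheme = ""
        if scheme not in ALLOWED_SCHEMES:
            return "block", f"scheme {scheme or '(none)'!r} in {url!r}"
    return "allow", "all URLs use allow-listed schemes"


def sample_inetloc(url: str) -> bytes:
    """Build a constructed test shortcut; not taken from any real message."""
    return plistlib.dumps({"URL": url})
```

The check fails closed: unparseable files and shortcuts with no URL key are blocked rather than passed through.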
References
The unpatched high-severity vulnerability affects Apple macOS computers (21st September 2021). Retrieved from thehackernews.
https://thehackernews.com/2021/09/unpatched-high-severity-vulnerability.html
The unpatched high-severity vulnerability affects Apple macOS computers (21st September 2021). Retrieved from SSD.