in ,

macOS Finder RCE: A vulnerability in macOS Finder allows files to execute arbitrary commands.

apple-security-inetloc-finder-mail

A vulnerability in macOS Finder allows files with the inetloc extension to run arbitrary commands. These files can be inserted inside emails, and when the user clicks on them, the commands embedded inside them are executed without prompting or warning.

Credit

This flaw was discovered by Park Minchan, an independent security researcher.

Analysis

A flaw in the way macOS handles inetloc files leads it to run instructions embedded inside; the commands it runs can be local to macOS, allowing the user to execute arbitrary commands without warning or prompting.

Originally, inetloc files were shortcuts to an Internet location, such as an RSS feed or a telnet location; they contained the server address and, in some cases, a username and password for SSH and telnet connections; and they could be created by typing a URL in a text editor and dragging the text to the Desktop.

In this example, inetloc refers to a file:/ “protocol” that allows locally (on the user’s machine) stored files to be launched.

If the inetloc file is attached to an email, clicking on it will automatically activate the vulnerability.

The file:/ prefix has been disallowed (in the com.apple.generic-internet-location) in newer versions of macOS (since Big Sur), however they did a case matching, allowing File:/ or fIle:/ to bypass the check.

Below is a demonstration on how this vulnerability works:

Credit: SSD Secure Disclosure

Leave a Reply

Your email address will not be published.

Windows-11-how-to-bypass-the-hardware-requirements

Want to try out Windows 11 but don’t want to spend the money on a new computer? Here’s how to get around the hardware restrictions.

New AI capabilities, guided edits, and more are included in Adobe Photoshop and Premiere Elements 2022.