Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

Threat Post -

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.

A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it.

For those not in the Apple camp, the macOS Finder is the default file manager and GUI front-end used on all Macintosh operating systems. It’s the first thing users see upon booting, and it governs the launching of other applications and the overall user management of files, disks and network volumes. It’s the overlord application for everything else on the Mac, in other words.

According to an SSD Secure Disclosure advisory this week, the vulnerability exists in the way macOS Finder handles .Inetloc files. Inetloc files are Apple-specific, and function as shortcuts to internet locations, such as an RSS feed or a telnet location; or they can be used to open documents locally on someone’s Mac within a browser using the “file://” format (in place of http://). It’s the latter function that’s at

Read More: https://threatpost.com/unpatched-apple-zero-day-code-execution/174915/