macOS Finder Bug Lets Hackers Control Macs

Although macOS is a very safe operating system, it can still be attacked, particularly if users open dangerous or unfamiliar files. A vulnerability of this nature has recently been discovered: according to MacWorld, it allows an attacker to take control of a macOS computer when the user simply clicks on an e-mail attachment.

Researcher Park Minchan discovered (BleepingComputer) that files with the inetloc extension can be used to exploit the macOS Finder vulnerability. As Minchan asserts in a blog post on SSD Secure Disclosure, inetloc files can be embedded in e-mail messages, and when the recipient clicks on them, the instructions they contain are executed with no prompt or warning to the recipient. In the words of SSD Secure Disclosure, if the inetloc file is attached to an e-mail, opening the attachment exploits the vulnerability without giving any indication.

"Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location; and contain the server address and possibly a username and password for SSH and telnet connections; can be created by typing a URL in a text editor and dragging the text to the Desktop."

According to Minchan, Apple has already attempted to rectify the situation in Big Sur, although it does not appear to have completely closed the gap. Apple blocked the file:/ prefix to prevent the attack, but Minchan noted that an attacker may simply alter the prefix so that it no longer matches the blocked string (for example, File:/ is not blocked) to circumvent the restriction. Apple did not respond to questions about the vulnerability or provide information about the original security update.
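The prefix block described above fails because it compares the URL exactly as written; a mail filter that parses the shortcut and allowlists the normalized scheme does not depend on capitalization. The following is an added example, not code from Apple, Minchan or SSD Secure Disclosure. It assumes an inetloc file is a property list with a `URL` key; the allowlist, function names and sample files are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: the only schemes this filter lets through in a shortcut attachment.
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Case-sensitive prefix block, the kind of check the article says was bypassed."""
    return url.startswith("file:/")


def extract_url(inetloc_bytes: bytes) -> str:
    """Return the URL stored in an inetloc property list (assumed key: 'URL')."""
    doc = plistlib.loads(inetloc_bytes)
    url = doc.get("URL") if isinstance(doc, dict) else None
    if not isinstance(url, str):
        raise ValueError("no URL string in shortcut")
    return url


def verdict(inetloc_bytes: bytes) -> str:
    """Allow a shortcut only if its normalized scheme is on the allowlist."""
    try:
        url = extract_url(inetloc_bytes)
    except Exception:
        # Fail closed: anything that does not parse is held for review.
        return "quarantine: unparseable shortcut"
    scheme = urlsplit(url.strip()).scheme  # urlsplit lowercases the scheme
    if scheme in ALLOWED_SCHEMES:
        return "allow"
    return f"quarantine: scheme {scheme or '<none>'!r} not allowed"


# Constructed sample attachments (placeholder targets, not real indicators).
SAMPLE_WEB = plistlib.dumps({"URL": "https://example.com/feed"})
SAMPLE_LOWER = plistlib.dumps({"URL": "file:///constructed/placeholder"})
SAMPLE_MIXED = plistlib.dumps({"URL": "File:///constructed/placeholder"})

if __name__ == "__main__":
    for name, blob in [("web", SAMPLE_WEB), ("lower", SAMPLE_LOWER),
                       ("mixed", SAMPLE_MIXED), ("junk", b"not a plist")]:
        print(f"{name:5} -> {verdict(blob)}")
```

Because the decision is an allowlist on the parsed scheme, the telnet and SSH shortcuts mentioned in the quote above are also held unless they are added deliberately.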

Regardless of which operating system you use, it is strongly recommended that you do not open message attachments from unknown sources and that you be especially careful when opening attachments that have been forwarded to you from an unknown source.