News

Apple Hasn’t Completely Closed Serious macOS Vulnerability With Internet Shortcuts

By admin
Spread the love

Apple has patched a vulnerability that makes it possible to execute code using Internet shortcuts, but the fix doesn’t seem to work. Although the file:// prefix is ​​blocked, the fix is ​​case sensitive, so File:// will still work.

Security researcher Park Minchan discovered the vulnerability, which resides in the inetloc shortcuts, which point to an Internet location. Still, their destiny is to bend with the aforementioned prefix. That’s not the intention, since file:// in macOS Big Sur isn’t accepted in an inetloc shortcut, but Apple apparently accidentally made this line case-sensitive in its OS, making it easy to exploit.

Minchan had already reported the vulnerability to Apple on September 21, but has not yet received a response. Ars Technica put it to the test and managed to exploit the vulnerability on macOS Big Sur 11.6, the most recent version of the operating system. Minchan warns that such files perform their function without any further warning when opened and that caution is advised with .inetloc files.

The code of a currently working exploit. Image via Ars Technica

You might also like
News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Russian ministry bans iPhones due to suspicion of espionage