{"id":57,"date":"2021-09-24T21:25:45","date_gmt":"2021-09-25T01:25:45","guid":{"rendered":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/?p=57"},"modified":"2021-10-24T13:50:02","modified_gmt":"2021-10-24T17:50:02","slug":"new-macos-zero-day-bug-lets-attackers-run-commands-remotely","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/2021\/09\/24\/new-macos-zero-day-bug-lets-attackers-run-commands-remotely\/","title":{"rendered":"New macOS zero-day bug lets attackers run commands remotely"},"content":{"rendered":"<p><span style=\"font-weight: 400\">Researchers discovered a flaw in Apple\u2019s macOS Finder that allows arbitrary command execution on Mac devices. This was previously thought to be remediated, notably without a CVE number, but a workaround was found. The exploit occurs when an INETLOC file containing the File:\/\/ prefix is opened. These files are bookmarks that can be used to open online resources (such as news:\/\/, ftp:\/\/, afp:\/\/) or local files (file:\/\/).<\/span><\/p>\n<p><span style=\"font-weight: 400\">Apple\u2019s previous patch only blocked the all-lowercase file:\/\/ prefix. Other capitalizations, e.g. File:\/\/ or fiLe:\/\/, can bypass the check added by the prior patch. The vulnerability can be exploited via email by including an INETLOC file as an attachment. This is particularly concerning because commands embedded by an attacker can be executed without prompting the user. 
Proof-of-concept exploits went undetected by antimalware programs.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400\"><strong>Article<\/strong>: New macOS zero-day bug lets attackers run commands remotely<\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>Author<\/strong>: Sergiu Gatlan<\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>Published<\/strong>: September 21, 2021<\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>Site<\/strong>: bleepingcomputer.com<\/span><\/p>\n<p><span style=\"font-weight: 400\">Link: <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/new-macos-zero-day-bug-lets-attackers-run-commands-remotely\/\"><span style=\"font-weight: 400\">https:\/\/www.bleepingcomputer.com\/news\/apple\/new-macos-zero-day-bug-lets-attackers-run-commands-remotely\/<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers discovered a flaw in Apple\u2019s macOS Finder that allows arbitrary command execution on Mac devices. This was previously thought to be remediated, notably without a CVE number, but a workaround was found. 
The exploit occurs when an INETLOC file is opened which contains the File:\/\/ prefix.\u00a0 These files are bookmarks that can be [&hellip;]<\/p>\n","protected":false},"author":26653,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[79],"tags":[79],"class_list":{"0":"post-57","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-5","7":"tag-week-5","8":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/57","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/users\/26653"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/comments?post=57"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/57\/revisions"}],"predecessor-version":[{"id":58,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/57\/revisions\/58"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/media?parent=57"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/categories?post=57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\
/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/tags?post=57"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}