This vulnerability allows remote code execution through any program that can attach and execute files (iMessage, MS Office…).
Independent security researcher Park Minchan explains:

A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.

Apple’s Mail app for Mac is not the only method of delivery, however.

What exactly is the “inetloc” vulnerability? Let’s take a look at what the vulnerability entails, and how an attacker could use it.

The bug effectively allows an attacker to bypass Apple’s File Quarantine and Gatekeeper technologies.

Apple attempted to silently fix the vulnerability in macOS Big Sur, but failed to do so properly.

Remotely exploitable “inetloc” zero-day vulnerability hits the Mac

An independent researcher has just published details of a “macOS Finder RCE” (remote code execution) vulnerability.