A security researcher has found a vulnerability in the macOS Finder that allows an attacker to run commands on Mac computers running any version of macOS (up to the latest version of Big Sur). There is no patch for this problem yet.
The vulnerability was discovered by independent information security expert Park Minchan, and it is related to the way macOS handles .inetloc files (Internet location files). .inetloc files are system-wide bookmarks that can be used to open various network resources (news://, ftp://, afp://) and local files (file://). A crafted .inetloc file makes the OS run any commands embedded in it by the attacker without any warning or prompt.
Apple quietly tried to fix the problem without assigning a CVE ID to the vulnerability, but Minchan noted that the company's patch only partially fixed it: the vulnerability can still be exploited by changing the protocol used to execute inline commands from file:// to FiLe://.
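The bypass described above works because the fix compared the scheme case-sensitively, while URL schemes are case-insensitive. The following is an added example (not code from the researcher, Apple or Bleeping Computer) contrasting a case-sensitive check with a scheme-normalized one on constructed .inetloc property lists; the assumption that an .inetloc file is an XML plist with a top-level `URL` key is mine, not taken from the article.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed .inetloc bodies for illustration. The plist layout with a
# top-level "URL" key is an assumption about the format, not from the article.
SAMPLES = {
    "ftp_bookmark": (
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<plist version="1.0"><dict><key>URL</key>'
        b'<string>ftp://ftp.example.test/pub</string></dict></plist>'
    ),
    "local_file": (
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<plist version="1.0"><dict><key>URL</key>'
        b'<string>file:///Users/Shared/readme.txt</string></dict></plist>'
    ),
    "mixed_case": (
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<plist version="1.0"><dict><key>URL</key>'
        b'<string>FiLe:///Users/Shared/readme.txt</string></dict></plist>'
    ),
}


def extract_url(data: bytes) -> str:
    """Pull the bookmark target out of an .inetloc-style plist."""
    return str(plistlib.loads(data).get("URL", ""))


def naive_is_local(url: str) -> bool:
    """Case-sensitive prefix test: the kind of check a case-changed scheme slips past."""
    return url.startswith("file://")


def normalized_is_local(url: str) -> bool:
    """Parse the URL and compare the scheme case-insensitively (RFC 3986)."""
    return urlsplit(url).scheme.lower() == "file"


def classify(samples: dict) -> dict:
    """For each sample, return (naive verdict, normalized verdict)."""
    out = {}
    for name, data in samples.items():
        url = extract_url(data)
        out[name] = (naive_is_local(url), normalized_is_local(url))
    return out
```

A mail gateway or endpoint scanner that flags local-file bookmarks should use the normalized check; the naive one reports the mixed-case sample as harmless.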
Although Minchan has already informed Apple of his findings, he has not received a response from the company, and the vulnerability has not yet been fixed.
Bleeping Computer has tested a PoC exploit provided by the researcher and confirms that the vulnerability can be used to run arbitrary commands in macOS Big Sur.
It is noted that attackers can abuse this bug, for example, to create malicious email attachments that will launch payloads upon opening.
Let me remind you that we recently reported that, on the day iOS 15 was released, an expert showed how to bypass the lock screen.