Tech

A security flaw has been discovered on macOS: beware of .inetloc files

Deepak GuptaSeptember 23, 2021
0

A simple, but rather dangerous, security vulnerability has been discovered in macOS. It allows you to execute code remotely, with the help of a stupid, seemingly harmless shortcut file.

A new security flaw has been discovered within macOS. In a blog post dated September 21, 2021, the cybersecurity specialist SSD Disclosure details how a simple web shortcut file can be used to execute code remotely on a Mac.

The flaw is located at the heart of the system, since it is the Finder (the file explorer of macOS), itself, which is affected. It seems that all versions of macOS are affected, even the most recent version (macOS Big Sur 11.6). We were indeed able to reproduce it on a perfectly up-to-date computer.

Where does the security breach come from?

The flaw is not terribly complicated to exploit. A victim only needs to open a simple .inetloc file for a hacker to take control of their machine. .Inetloc files are normally shortcuts to a web server, or to a machine on the local network. But with a little bit of development knowledge, it is possible to place system commands within this small file. Commands that will be silently executed, without even the owner of the machine realizing it.

We were able to test the flaw on a perfectly updated version of macOS // Source: screenshot

In the example provided by SSD Disclosure, it is possible to open the Calculator application by simply double-clicking on an .inetloc file. This script is perfectly benign, but proves that a command can be hidden in a seemingly harmless file. We were able, with two or three modifications, to launch a terminal emulator and execute commands. You just need to point to a local resource (present on the hard drive of the computer) with the prefix “File: //” to access the content of the computer.

Do not run an .inetloc file

Warned the first time by whoever discovered the flaw, Apple has deployed a security patch that unfortunately does not go far enough. The patch made available by Apple blocks remote code execution with the prefix “file: //”, but does not take into account typographical case. This means that variants like “FiLe: //” or “filE: //” always work.

According to SSD Disclosure, even opening such a file in an email attachment can infect your computer. Until this flaw is fixed (which we hope won’t take too long given the simplicity of the problem), the best thing to do is therefore to be very careful when downloading files of this type. More generally, do not open files from unknown sources, you will avoid trouble.

We have other articles that may interest you:
  1. Safari: macOS Monterey and iOS 15 latest beta shows Apple is still looking for the perfect interface
  2. Windows 10: Wi-Fi security will be strengthened with the future big update
  3. This is the video game music that has been played at the Olympics ceremony
  4. Chrome makes SMS security codes more user-friendly, if you have the patience to set everything up
  5. If hospitals are attacked, it is because “their security is zero”
  6. A new security update for macOS Catalina 10.15.7 is now available
Deepak GuptaSeptember 23, 2021
0

Related Articles

GTA owners give clues to the release of GTA 6 camouflaged between numbers

May 18, 2023

Apple would work on a connected alliance to spy on his spouse, really?

February 2, 2022

The ‘mystery boxes’ arrive on Netflix, what are they and who are they for?

May 20, 2022

Zenless Zone Zero is now official: first trailer and closed beta

May 16, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *