Researchers have found an unpatched zero-day in macOS Finder that could allow remote code execution. All a user needs to do is click on an email attachment, and the code is executed silently, without the victim knowing. The vulnerability affects Big Sur and prior versions of macOS. Finder is the default file manager and GUI front end on all Macintosh operating systems. Earlier this week, an SSD Secure Disclosure advisory was released detailing how the vulnerability exists in the way Finder handles certain files that function as shortcuts to internet locations, such as an RSS feed.
The Apple-specific .inetloc files can be crafted to contain embedded commands, and the files can then be linked in malicious emails. If a target is socially engineered into clicking on the malicious link, the target's machine will be infected. The exploit scenario is simple, according to a video included in the SSD alert. Independent security researcher Park Minchan first reported the vulnerability, noting that the bug affected macOS. Apple chose to patch the issue without issuing a CVE; however, the fix is not effective.
Read More: Unpatched Apple Zero-Day in macOS Finder Allows Code Execution