While macOS is a very secure operating system, malware can get through, especially if users are opening unsafe or unknown files. One such vulnerability was recently discovered that could allow an attacker to control a Mac running any macOS version up to Big Sur simply by clicking on an email attachment.

Researcher Park Minchan (via Bleeping Computer) found that files that have the inetloc extension can be used to exploit a vulnerability in the macOS Finder. In a blog post on SSD Secure Disclosure, Minchan reports that inetloc files “can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.” As SSD Secure Disclosure explains, if the inetloc file is attached to an email, opening the attachment “will trigger the vulnerability without warning.”

Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location. They contain the server address and possibly a username and password for SSH and telnet connections, and can be created by typing a URL in a text editor and dragging the text to the Desktop.


According to Minchan, Apple previously attempted to fix the issue in Big Sur, but it doesn't appear to have fully plugged the hole. Apple blocked the file:// prefix to stop this from happening, but he says an attacker can simply change the prefix so it is not case matched — for example, File:// is not blocked. Apple has not responded to inquiries regarding the vulnerability, nor has it posted information related to the initial security update.
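The gap described above comes from matching the prefix as a case-sensitive string even though URL schemes are case-insensitive. The following is an added example, not code from Apple, the researcher or this article: a check a mail filter could apply to inetloc attachments, shown next to the kind of case-sensitive test that misses `File://`. It assumes the inetloc file is a property list with a `URL` string key; the function names and sample data are constructed for illustration.

```python
import plistlib
from typing import Optional
from urllib.parse import urlsplit

# Schemes this example treats as pointing at the local file system (assumption).
LOCAL_SCHEMES = {"file"}


def naive_is_blocked(url: str) -> bool:
    """Case-sensitive prefix test: the kind of filter that File:// slips past."""
    return url.startswith("file://")


def scheme_of(url: str) -> str:
    """Return the scheme lowercased, since URL schemes are case-insensitive."""
    return urlsplit(url.strip()).scheme.lower()


def inetloc_url(data: bytes) -> Optional[str]:
    """Extract the URL string from inetloc plist bytes, or None if unusable."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        return None
    url = plist.get("URL") if isinstance(plist, dict) else None
    return url if isinstance(url, str) else None


def should_quarantine(data: bytes) -> bool:
    """Flag an inetloc attachment whose URL uses a local scheme in any letter case."""
    url = inetloc_url(data)
    if url is None:
        return True  # fail closed on anything that does not parse
    return scheme_of(url) in LOCAL_SCHEMES


# Constructed samples; the path and host are placeholders.
SAMPLE_MIXED_CASE = plistlib.dumps({"URL": "File:///Applications/Example.app"})
SAMPLE_HTTPS = plistlib.dumps({"URL": "https://example.com/feed.rss"})

if __name__ == "__main__":
    for name, blob in (("mixed-case", SAMPLE_MIXED_CASE), ("https", SAMPLE_HTTPS)):
        url = inetloc_url(blob)
        print(name, url, "naive:", naive_is_blocked(url),
              "normalized:", should_quarantine(blob))
```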

This is a good opportunity to remind users to not open email attachments from unknown sources — and to be especially cautious when opening attachments that have been forwarded to you by an unknown source. For extra protection, you could also check out our roundup of the best antivirus software for your Mac.