The bug impacts all latest macOS versions

A new Zero Day vulnerability in macOS has been discovered. The flaw impacts all macOS versions up to the latest release Big Sur. The bug was found by Park Minchan an independent security researcher and is tied to the way that macOS processes inteloc files. The processing methodology allows an attacker to embed malicious commands which the system will execute without any warnings or prompts visible to the user of the targeted machine.

Interloc is short for "internet location files" and have the extension "*.interloc"

 

A recently advisory had this to say about the newly discovered flaw

"A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user."

In this particular instance Apple botched the fix quietly patching the issue without assigning it a CVE identification number.

 

About the fix...

Unfortunately, the fix was only partial and at present the bug can still be exploited in some instances as described below:

"Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check. We have notified Apple that FiLe:// (just mangling the value) doesn't appear to be blocked but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched."

Park Minchan developed a proof of concept that demonstrates how the bug could be exploited but to date no threat actors have been discovered exploiting the flaw in the wild. It is just a matter of time, however. A flaw like this represents a serious weakness in the security of the OS.

 

My perspective

Be aware that the easiest way to exploit the bug is via malicious links embedded in emails so make sure your employees are aware of the risks. And be aware of connecting these Apple Macs to your network.

You don't want to have to emulate Jim Lovell in saying:

"Houston, we have a problem"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak for free to your association