Yet again, according to a fresh security analysis by an independent researcher, it looks like Apple is experiencing another public exploit resulting from a software vulnerability. News of a critical software vulnerability affecting a key macOS component has been released on September 21st, 2021.
The macOS Software Exploit
On September 21st, 2021 news of a remote code execution critical software vulnerability affecting macOS was reported to the SSD Secure Disclosure program by independent security researcher Park Minchan.
Technical Details
This is a remote code execution software vulnerability within Apple’s macOS Finder RCE component. The name of the software vulnerability is ‘Improper Authorization in Handler for Custom URL Scheme.’ The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to improper input validation in macOS Finder when processing custom URI schemes, such as File:// or fIle://. A remote attacker can create a specially crafted file with an inetloc extension, send it as an email attachment, trick the victim to open the email, and finally execute arbitrary OS commands on the system.
Affected Versions
The affected versions of macOS (Big Sur and earlier) are as follows;
Important User Information
At the moment, there is no patch available for this critical security problem, and Apple has since fallen silent. According to the SSD Disclosure portal, Apple has been notified of this however no response has been received from them, “As far as we know, at the moment, the vulnerability has not been patched”, SSD Disclosure wrote. Independent security researcher Park Minchan has also stated that “This vulnerability allows any program that can attach and execute files (iMessage, MS Office…) to Remote Code Execution from the operating system.” For the time being, macOS users should ensure that automatic updates are enabled in the ‘Software Update’ section within macOS.