A macOS vulnerability causes commands to be executed remotely

The cybersecurity researcher Park Minchan he discovered one still unresolved vulnerability in macOS, which allows hackers to execute commands remotely. The flaw creates problems for macOS Big Sur and earlier and can be very dangerous.

A macOS vulnerability puts Apple’s computers at risk

The problem concerns all shortcut files that contain the extension “inetloc”, which can hide commands to be executed remotely from the whole. Minchan explains: “A vulnerability in the way macOS process inetloc files causes the commands contained within to execute. The commands it executes can be internal to macOS, allowing the execution of arbitrary commands without any warning to the user. Inteloc commands were originally shortcuts [shortcut] to internet addresses, such as an RSS feed or a telnet location. And they contain the server address and possibly username and password for telnet or SSH connections. They can be simply created by typing a URL in a text editor and dragging the text onto the Desktop ”.

Minchan reported the flaw to Apple through the program SSD Secure Discolusure.

Internet shortcuts are present on both Windows and macOS. But this bug only affects the shortcuts of macOS users, especially those who use the native client for emails. In fact, by opening an e-mail attachment that contains an inetloc file, you risk activating the code inside, exploiting this flaw.

Apple would have fixed this problem blocking addresses in text files starting with “file: //“, Which allows you to activate a local shortcut. However Minchan pointed out that just writing File with a capital letter is enough to circumvent the fix.

So macOS users should be careful about opening any inteloc email attachments, especially if they are using the native client offered by Apple.