Posted on September 23, 2021 at 2:08 PM
macOS is one of the most reliable operating systems when it comes to security. However, no operating system is 100% secure, especially if a user does not know the basic techniques for staying safe online.
One technique threat actors use is sending infected files to a victim’s computer. When users open these files, they compromise their operating systems and leave them prone to hacking attacks.
Vulnerability on MacOS
Research by Park Minchan has revealed a vulnerability in macOS that allows attackers to gain access to Mac devices running macOS versions up to Big Sur. To take control of the device, an attacker only needs the victim to open an attachment sent via email, which then compromises the device.
The research also revealed that the file sent to the victim’s device contained an inetloc extension that can be used to find and exploit a vulnerability in the macOS Finder. Minchan published a blog post in which he stated that the inetloc file is usually sent via email to Mac devices.
He stated that these files “can be embedded inside emails which if a user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.” He further added that once the user opens the email attachment, the operating system will not issue any warning that a vulnerability is being exploited.
Inetloc files were designed to be shortcuts that lead to a specific internet location, such as a telnet location or an RSS feed. However, these files also contain a server address with a username and a password that can be used for SSH and telnet connections.
Inetloc files are usually created when one types a URL in a text editor and then drags the text onto the desktop.
Apple Silently Fixes Issue
Minchan also stated that Apple had attempted to fix the issue in the latest version of Big Sur. However, it seems that the patch was not successful, as hackers could still exploit the vulnerability.
One thing Apple did not do when fixing the issue was assign a CVE identification number. According to Minchan, Apple only addressed the vulnerability partially, because a hacker could still gain access to the operating system by altering the protocol used to run the commands hidden in the inetloc files. He also added that the file could still bypass the checks installed by Apple to fix the vulnerability.
The advisory also added that “We have notified Apple that the file doesn’t appear to be blocked, but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched.”
While Minchan provided all the details on how the hack was conducted, he failed to mention how the attackers can use the vulnerability to attack users. However, he noted that hackers could exploit the bug to create an email attachment with malicious links. When the user opens these attachments, they can launch a remote payload on the target’s device.
Minchan was not the only one who exposed this vulnerability. An analysis conducted by Bleeping Computer confirmed that the vulnerability existed. The proof-of-concept provided by Minchan was tested by Bleeping Computer, which confirmed that threat actors could use the bug to execute arbitrary commands on macOS Big Sur.
Bleeping Computer also stated that the vulnerability could be exploited using specially crafted files downloaded from the internet. The report further added that commands could be run on macOS devices without any warning or prompt.
One of the worrying factors about this bug is that no anti-virus software can detect it. Inetloc files that carry the PoC code are not detected by any malware security software, which means that users will continue using their devices without knowing that they have been hacked or that a malicious file has been installed on their system.
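Since these files are not flagged by security software, a mail or download filter can inspect them directly. The following is an added example, not code from Minchan's advisory or from Apple: a triage check for .inetloc attachments. It assumes the file is a property list with a `URL` key and that policy only permits `http`/`https` shortcuts; the allowlist, function names and sample files are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: policy allowlist; only web links are expected in mailed shortcuts.
ALLOWED_SCHEMES = {"http", "https"}

def inspect_inetloc(data: bytes):
    """Return (verdict, reasons) for the raw bytes of an .inetloc file."""
    try:
        plist = plistlib.loads(data)
    except Exception:  # any parse failure is treated as suspicious
        return "block", ["not a parseable property list"]
    url = plist.get("URL") if isinstance(plist, dict) else None
    if not isinstance(url, str) or not url.strip():
        return "block", ["no URL string in file"]
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "block", ["malformed URL"]
    # Compare the lower-cased scheme against an allowlist (not a blocklist), so
    # changing the protocol or how it is written does not slip past the check.
    scheme = parts.scheme.lower()
    reasons = []
    if scheme not in ALLOWED_SCHEMES:
        reasons.append(f"scheme '{scheme}' not in allowlist")
    # The article notes these files can carry a username and password.
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")
    return ("block" if reasons else "allow"), reasons

def make_sample(url: str) -> bytes:
    """Build a constructed .inetloc body for testing (not a real sample)."""
    return plistlib.dumps({"URL": url})

# Constructed sample attachments.
SAMPLES = {
    "feed.inetloc": make_sample("https://example.com/feed.rss"),
    "shell.inetloc": make_sample("telnet://user:secret@host.example"),
    "mixed.inetloc": make_sample("TelNet://host.example"),
    "junk.inetloc": b"not a plist",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict, reasons = inspect_inetloc(body)
        print(f"{name}: {verdict} {reasons}")
```
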
Apple is yet to issue an official report on whether the vulnerability has been fully patched. However, the vulnerability has shed light on the need for exercising safety when browsing online sites.
One safe online practice is not opening email attachments sent from unknown sources. Online users are also urged to exercise caution when opening email attachments that have been sent to them from an anonymous source. Phishing emails have been one of the most widely used techniques by threat actors.