1. 17
  1.  

  2. 8

    The vendor has notified us that the file:// vulnerability has been silently patched in Big Sur and has not been assigned a CVE. We have notified Apple that FiLe:// (just mangling the value) doesn’t appear to be blocked, but have not received any response from them since the report was made. As far as we know, at the moment, the vulnerability has not been patched.

    Ok, but how long did they wait before publicly disclosing the vulnerability? It’s not clear from this description whether the security researcher attempted responsible disclosure. Normally the researcher only posts a public notice of the vulnerability after a multiple month window following initial contact with the vendor. Am I missing something?

    EDIT: wording

    1. 3

      This write-up left me confused. It was not clear to me what an attacker needs to do. This requires the user to click, no? Maybe I just don’t know enough about macOS, but maybe this article was also a bit poorly written?

      1. 2

        macOS Finder allows files whose extension is inetloc to execute arbitrary commands; these files can be embedded inside emails, and if the user clicks on them, they will execute the commands.

        So, I guess, use your common sense and don’t click everything you see.
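The thread mentions two defender-relevant details: an .inetloc attachment can point at a local file:// target, and a fix that matches only the literal lowercase string `file://` is bypassed by mixed case such as `FiLe://`. The following is an added example, not code from the thread or from Apple, showing how a mail-gateway or endpoint check might triage such attachments. It assumes that an .inetloc file is an XML property list carrying a `URL` key (the standard format for these files); the sample attachments, their names and the `/PLACEHOLDER/...` paths are all constructed here for illustration. The point of the example is the comparison between a naive string-prefix check and a check that normalises the URL scheme, since URL schemes are case-insensitive under RFC 3986.

```python
import plistlib
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def _inetloc(url: str) -> bytes:
    """Build a constructed .inetloc body (XML plist with a URL key) for the samples below."""
    return (
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
        b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
        b'<plist version="1.0">\n<dict>\n  <key>URL</key>\n  <string>'
        + url.encode("utf-8")
        + b"</string>\n</dict>\n</plist>\n"
    )


# Constructed sample attachments (hypothetical names and placeholder paths).
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "bookmark.inetloc": _inetloc("https://example.com/"),          # ordinary web link
    "invoice.inetloc": _inetloc("file:///PLACEHOLDER/local/path"),  # local target, lowercase scheme
    "notes.INETLOC": _inetloc("FiLe:///PLACEHOLDER/local/path"),    # local target, mixed-case scheme
    "report.pdf": b"%PDF-1.4 constructed placeholder",               # not an .inetloc at all
}

# Schemes that resolve to something on the local machine rather than a remote site.
LOCAL_SCHEMES = {"file"}


def extract_url(data: bytes) -> Optional[str]:
    """Parse the plist and return its URL string, or None if it is not a usable .inetloc."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        return None
    if not isinstance(plist, dict):
        return None
    url = plist.get("URL")
    return url if isinstance(url, str) else None


def naive_scheme_check(url: str) -> bool:
    """The kind of check the thread says is bypassed: literal lowercase prefix match only."""
    return url.startswith("file://")


def normalized_scheme_check(url: str) -> bool:
    """Compare the scheme after lower-casing it, so FiLe:// and file:// are treated alike."""
    scheme = urlsplit(url).scheme.lower()
    return scheme in LOCAL_SCHEMES


def scan_attachments(attachments: Dict[str, bytes]) -> List[str]:
    """Return the names of .inetloc attachments (extension matched case-insensitively)
    whose URL scheme points at a local target, using the normalised check."""
    flagged = []
    for name, data in attachments.items():
        if not name.lower().endswith(".inetloc"):
            continue
        url = extract_url(data)
        if url is not None and normalized_scheme_check(url):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in scan_attachments(SAMPLE_ATTACHMENTS):
        print("flagged:", name)
```

Running the block flags both `invoice.inetloc` and `notes.INETLOC`; the naive prefix check would have passed the second one, which is exactly the gap the mixed-case report in the thread describes.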