macOS Finder Feature Vulnerability is Being Exploited


Software vulnerabilities affecting slick tech giant Apple have been reported at a higher frequency this year, some of them with potentially dangerous consequences. Over the past few months, the cybersecurity community has scrutinized a wide range of Apple products, such as the revolutionary AirTag, along with security weaknesses like operating system coding flaws and browser risks. Even though Apple is meticulous about its cybersecurity posture and prioritizes quality, brand reputation, and customer satisfaction, even its core components can sometimes be vulnerable, leading to potentially catastrophic consequences. Security flaws are especially worrisome when they are publicly exploited in the wild.

Yet again, according to a fresh security analysis by an independent researcher, it looks like Apple is facing another public exploit resulting from a software vulnerability. News of a critical software vulnerability affecting a key macOS component was released on September 21st, 2021.

The macOS Software Exploit

On September 21st, 2021, news of a critical remote code execution vulnerability affecting macOS was reported to the SSD Secure Disclosure program by independent security researcher Park Minchan.

Technical Details

This is a remote code execution (RCE) software vulnerability within Apple’s macOS Finder component. The name of the software vulnerability is ‘Improper Authorization in Handler for Custom URL Scheme.’ The vulnerability allows a remote attacker to compromise the affected system. It exists due to improper input validation in macOS Finder when processing custom URI schemes, such as File:// or fIle://. A remote attacker can create a specially crafted file with an inetloc extension, send it as an email attachment, trick the victim into opening the email, and finally execute arbitrary OS commands on the system.
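A defensive check for the mechanism described above, as an added example that is not from the original article or the researcher's report: it inspects an inetloc attachment and flags a file URL whatever the letter case of its scheme, next to a case-sensitive check that the File:// and fIle:// spellings slip past. It assumes an inetloc file is a property list with a URL key; the function names and sample data are constructed for illustration.

```python
import plistlib

# Assumption: an .inetloc file is a property list whose "URL" key names the target.
LOCAL_SCHEMES = {"file"}  # schemes that resolve to a path on the local system


def naive_is_local(url: str) -> bool:
    """Case-sensitive prefix test: the kind of check mixed-case spellings slip past."""
    return url.startswith("file://")


def normalized_is_local(url: str) -> bool:
    """Fold the scheme's case before comparing, so File:// and fIle:// match too."""
    scheme, sep, _ = url.strip().partition(":")
    return bool(sep) and scheme.lower() in LOCAL_SCHEMES


def inspect_inetloc(data: bytes) -> dict:
    """Return a verdict for the raw bytes of one .inetloc attachment."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        # Not a valid plist: scan the raw bytes, ignoring case, and fail closed on a hit.
        return {"parsed": False, "url": None, "naive": False,
                "quarantine": b"file:" in data.lower()}
    url = plist.get("URL") if isinstance(plist, dict) else None
    if not isinstance(url, str):
        return {"parsed": True, "url": None, "naive": False, "quarantine": False}
    return {"parsed": True, "url": url, "naive": naive_is_local(url),
            "quarantine": normalized_is_local(url)}


def constructed_samples() -> dict:
    """Constructed test attachments; the paths are placeholders, not real targets."""
    return {
        "lowercase.inetloc": plistlib.dumps({"URL": "file:///placeholder/sample"}),
        "mixedcase.inetloc": plistlib.dumps({"URL": "fIle:///placeholder/sample"}),
        "web.inetloc": plistlib.dumps({"URL": "https://example.com/"}),
        "broken.inetloc": b"<plist><dict><key>URL</key><string>File://placeholder",
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        verdict = inspect_inetloc(blob)
        print(f"{name:20} naive={verdict['naive']!s:5} quarantine={verdict['quarantine']}")
```

The mixed-case sample is the one to watch: the case-sensitive check passes it while the normalized check quarantines it.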

Affected Versions

The affected versions of macOS (Big Sur and earlier) are as follows:

macOS: 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.14.6 18G6020, 10.14.6 18G6032, 10.14.6 18G6042, 10.14.6 18G7016, 10.14.6 18G8012, 10.14.6 18G8022, 10.14.6 18G9028, 10.14.6 18G9216, 10.14.6 18G9323, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7 19H114, 10.15.7 19H512, 10.15.7 19H524, 10.15.7 19H1030, 10.15.7 19H1217, 10.15.7 19H1323, 10.15.7 19H1417, 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 11.3 20E232, 11.3.1 20E241, 11.4 20F71, 11.5 20G71, 11.5.1 20G80, 11.5.2 20G95, 11.6 20G165.

Important User Information

At the moment, there is no patch available for this critical security problem, and Apple has since fallen silent. According to the SSD Disclosure portal, Apple has been notified of this; however, no response has been received from them. “As far as we know, at the moment, the vulnerability has not been patched”, SSD Disclosure wrote. Independent security researcher Park Minchan has also stated that “This vulnerability allows any program that can attach and execute files (iMessage, MS Office…) to Remote Code Execution from the operating system.”

For the time being, macOS users should ensure that automatic updates are enabled in the ‘Software Update’ section within macOS.

Tech researcher & communications specialist
Mirza has an educational background in Global Communications and has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.