Apple silently attempted to patch a 0-Day critical system ‘inetloc’ file vulnerability which allowed attackers to remotely execute commands in macOS

Apple Inc macOS Mac PC Security Vulnerability Inetloc
Apple attempted to snub the threat quietly but couldn’t? Pic credit: Pxfuel

Apple macOS Finder tool had a serious security vulnerability that could potentially allow a remote attacker to execute arbitrary commands. The iPhone maker apparently tried to patch the 0-Day “Inetloc” flaw without assigning an identifier but reportedly failed.

Security researchers have disclosed a new flaw inside Apple’s macOS Finder. The loophole allows attackers to run arbitrary commands on MacBook and Mac computers. Concerningly, the flaw seemingly resides in all the modern versions of macOS, including the latest Big Sur update.

Apple macOS Finder has a 0-Day Security Vulnerability in the way macOS handles files with .inetloc extension:

Independent security researcher Park Minchan discovered a security flaw in the way macOS processes inetloc files. The flaw can allow any threat actor to easily run arbitrary commands remotely.

Shockingly, the flaw doesn’t raise any security alarms. However, the vulnerability does require user action on the target Apple computer running macOS.

Internet location files have “.inetloc” extensions. On macOS, these files are essentially system-wide bookmarks. In other words, they work across multiple tools and applications.

Files with .inetloc extensions guide users to online resources. Many web developers and even application creators use these extensions to send MacBook or Mac users to web platforms.

Depending on the execution of the file, they may send users to digital resources such as (news://, ftp://, afp://) or even local files (file://).

An SSD Secure Disclosure advisory published today, mentions: “A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.”

Apple Inc. attempted to fix the .inetloc security vulnerability quietly, without assigning a CVE ID:

Tech giants need to assign a CVE (Common Vulnerabilities and Exposures) identification number to a threat or vulnerability. The CVE ID helps the security community refer to critical information and updates about a security vulnerability.

The CVE ID also confirms if or when the security vulnerability is patched. Apple Inc. however, routinely attempts to address security threats and loopholes clandestinely.

Apple reportedly attempted to address this exploit without assigning a CVE ID. The company, however, partially addressed the same.

New versions of macOS, starting from Big Sur, block file:// prefix that could originate from a file with .inetloc extension. However, just by “mangling” the value, defeats the mitigations.

Minchan claimed instead of “file”, attackers could simply use modified versions such as “FiLe” or “fIle” to bypass the security patches.

As there’s no CVE ID, it is difficult to ascertain if the exploit is active in the wild. However, attackers will simply need to launch large email phishing campaigns to deploy the threat. Any victim clicking on a weaponized file with .inetloc extension could allow attackers to remotely run arbitrary commands.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Warning: Undefined variable $posts in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Trying to access array offset on value of type null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Attempt to read property "post_author" on null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309