Main Vulnerability Database SB2021092205

SB2021092205 - Remote code execution in Apple macOS

Published: September 22, 2021

Security Bulletin ID SB2021092205

Severity

Critical

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation in in macOS Finder when processing custom URI schemes, such as File:// or fIle://. A remote attacker can create a specially crafted file with inetloc extension, send it as an email attachment, trick the victim to open the email and execute arbitrary OS commands on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/