https://safirsoft.com Zero day flaw allows remote code execution even on fully patched Macs

Hot Potato: A security researcher has discovered that Apple has only partially fixed a vulnerability that affects all versions of macOS. The company tried to solve the problem silently, but failed, leaving millions of Macs vulnerable to remote code execution without any warning or urging.

Apple has recently done a good job of fixing several vulnerabilities in macOS, but at least one of them will be more difficult to fix than the Cupertino giant expected.

According to independent researcher Park Minchan, a bug in all versions of macOS - including macOS Big Sur - allows malicious actors to embed emails with the help of a few simple files. remote code. Via Apple Mail or any other email app.

Minchan says this is possible due to a flaw in how macOS manages internet location (inetloc) files, making any inline commands difficult. These bookmarks are usually used throughout the system to open online resources or local files, but in this case, attackers can use them to execute malicious code on the Mac without warning or prompting the user.

This can be done by changing the preview link in the inetloc file to "file://" and all it takes is a user click. Apple tried to fix this bug in macOS Big Sur, but did so quietly without specifying a CVE, ignoring the fact that using "file://" or "fIle://" (for simplicity of value manipulation) could work. as well as "file://."

Minchan has reported the matter to the company but has yet to respond. In the meantime, all you can do is avoid opening email attachments with the "inetloc" extension.

Zero day flaw allows remote code execution even on fully patched Macs
zero-day-flaw-allows-remote-code-execution-even-on-fully.html

https://safirsoft.com Apple M1 Max chipset shows teeth in PugetBench for Premiere Pro

Apple M1 Max chipset shows teeth in PugetBench for Premiere Pro

Why it matters: Adobe Premiere Pro may not be suitable for Mac video editors because it doesn't have the level of optimization for Apple's Final Cut P...
https://safirsoft.com Apple's MacBook Air 2022 expected to ship with M2 chip

Apple's MacBook Air 2022 expected to ship with M2 chip

Futurist: Apple analyst and developer iOSdylandkt said in a recent Twitter post that the upcoming Air will be released in mid-2022 and will come with ...
https://safirsoft.com 16-inch MacBook Pro with M1 Max chip will have High Power Mode

16-inch MacBook Pro with M1 Max chip will have High Power Mode

At the recent Unleashed event, Apple spent a lot of time talking about the amazing power of the latest MacBook Pro M1 Max. The company has now confirm...
https://safirsoft.com Parts shortage finally reached Apple with increased delivery time

Parts shortage finally reached Apple with increased delivery time

So far, Apple has been largely immune to the global shortages of chips and components that have plagued other device makers, but the company seems to ...
https://safirsoft.com The new top-spec MacBook Pro costs more than $6000

The new top-spec MacBook Pro costs more than $6000

Apple unlocked the rumored MacBook Pro on Monday, confirming the presence of the M1 Pro and M1 Max SoCs. What we have seen so far seems very deceptive...
https://safirsoft.com Apple's advertising growth appears to have tripled since the app's transparency rules were enacted

Apple's advertising growth appears to have tripled since the app's transparency rules were enacted

After Apple began implementing app tracking transparency earlier this year, Facebook predicted an "end of the world." I don't know if this is really t...