Apple partially patches new macOS Finder zero-day vulnerability

A newly discovered bug in all versions of macOS, including the latest macOS Big Sur, allows attackers to run arbitrary code remotely with the help of files embedded in emails.

The vulnerability, discovered by independent researcher Park Minchan and reported to SSD Secure Disclosure, allows files with the inetloc extension to execute arbitrary commands without first prompting a Mac's user.Attackers can include inetloc files in email messages as attachments which, if clicked, will run the embedded code locally. It is unclear if the exploit has been used in the wild, but bad actors could conceivably leverage the bug to deliver malicious payloads to Mac users.

Read more...