Zero-Day Update: New macOS Bug Lets Hackers Run Your Mac Commands Remotely

Zero-Day Update: New macOS Bug Lets Hackers Run Your Mac Commands Remotely

Apple’s security headaches continue to pound. Researchers have recently found yet another threat. In this latest, hackers are able to trick users into allowing them to run commands remotely on macOS Big Sur.

It was discovered by independent expert, Park Minchan, and reported to the SSD Secure Disclosure program. They have this to say:

“A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user
[…]
If the inetloc file is attached to an email, clicking on the attachment will trigger the vulnerability without warning.”

While Apple has released a patch for this issue, it has subsequently been reported that it can easily be circumvented. SSD Secure Disclosure has notified Apple of this, but has yet to receive a reply.  As such, until this vulnerability has been properly addressed macOS users should be extra vigilant when it comes to engaging with emails.

On the other hand, this is also simply part of a wider issue: that Macs are indeed vulnerable to attacks. In May, it was attackers being able to take screenshots on your Mac; in July, it was corrupted-memory systems being sitting-ducks for takeover; and just this month we’ve had the zero-clicks debacle. The evidence continues to pile up.

Trend Micro’s Antivirus One Can Protect Your Mac

After several months of these Mac security issues coming to light, it should be clear by now that the old myth of Apple products not requiring third-party antivirus protection is untrue — and unsupported by the evidence we see every month.

Though this latest issue is up to Apple to fix, it would be remiss of us to not encourage you to download our free Antivirus One product for full protection. Its key features include:

  • Fast and thorough scans in under a minute — and the power to eliminate anything malicious if found.
  • Constant, real-time web threat protection as you browse.
  • Data privacy sweeps — in which your personal data will be sought out and eliminated before leaked on dangerous websites.

Antivirus One is free, fast, and thorough. Try it now: you haven’t a thing to lose in quickly ramping up your defenses.

Antivirus One

Click each tag to explore related articles.

You Might Also Be Interested In