Apple silently patched macOS vulnerability

29 September 2017

Cybersecurity experts claim Apple has silently patched a macOS vulnerability that can be exploited to bypass one of the operating system's security features and execute arbitrary JavaScript code without restrictions.

The problem was discovered by Filippo Cavallarin of Segment and is described as a local JavaScript quarantine bypass vulnerability.

When a file is downloaded from the internet, macOS places it in “quarantine” by adding the extension. This ensures that the user is warned of potential security risks before the file is executed.

Cavallarin has found a way to bypass the file quarantine feature by exploiting DOM-based XSS vulnerabilities in an HTML file named rhtmlPlayer.html, which is stored in the /System/Library/CoreServices folder of the OS.

According to him, this file contains two DOM-based XSS flaws that can be exploited by hackers via Uniform Resource Identifier (URI) components.

One way to exploit this vulnerability is to use .webloc files, which allow users to save website addresses to the local system. In macOS, files of this type are automatically opened with the Safari web browser.

The hacker must embed the JavaScript code they want to be executed into a .webloc file, send it to the victim, and trick them into opening it.
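For defenders, a triage check for received .webloc files, given here as an added example that is not from the original article or from Segment. It assumes the shortcut is a property list whose `URL` key holds the address; the function names are hypothetical and the sample files are constructed, with `EXAMPLE` as a placeholder path component.

```python
import plistlib
import posixpath
from urllib.parse import urlsplit, unquote

WEB_SCHEMES = {"http", "https"}
SYSTEM_DIR = "/system/library/coreservices/"  # folder named in the article, lowercased
FLAGGED_FILE = "rhtmlplayer.html"             # file named in the article, lowercased


def webloc_url(data):
    """Return the URL string stored in a .webloc (XML or binary property list)."""
    doc = plistlib.loads(data)
    url = doc.get("URL") if isinstance(doc, dict) else None
    if not isinstance(url, str):
        raise ValueError("property list has no URL string")
    return url


def triage(data):
    """Return a list of findings for one .webloc; an empty list means nothing flagged."""
    try:
        url = webloc_url(data)
    except Exception as exc:  # malformed plist, wrong type, missing key
        return ["unparseable: %s" % exc]
    parts = urlsplit(url)  # urlsplit lowercases the scheme
    # Decode %xx escapes, collapse ../ segments, and compare case-insensitively
    path = posixpath.normpath(unquote(parts.path)).lower()
    findings = []
    if parts.scheme not in WEB_SCHEMES:
        findings.append("non-web scheme: %s" % (parts.scheme or "(none)"))
    if parts.scheme == "file" and path.startswith(SYSTEM_DIR):
        findings.append("targets a local file under /System/Library/CoreServices")
    if posixpath.basename(path) == FLAGGED_FILE:
        findings.append("references rhtmlPlayer.html")
    return findings


# Constructed samples (not real files); "EXAMPLE" is a placeholder path component.
BENIGN = plistlib.dumps({"URL": "https://example.com/"})
SUSPECT = plistlib.dumps(
    {"URL": "file:///System/Library/CoreServices/EXAMPLE/rhtmlPlayer.html"},
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, triage(blob) or "nothing flagged")
```

A mail gateway or endpoint script could call `triage()` on the bytes of each received .webloc attachment and hold any file that returns findings for review.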

Segment has posted a video showing how hackers can exploit this flaw to steal sensitive data from the targeted device.

The vulnerability affects macOS 10.12, 10.11, 10.10 and likely prior versions of the operating system. The problem has been reported to Apple and has been patched by the company with the release of macOS High Sierra 10.13, but without even mentioning it.

This is not the only macOS vulnerability revealed this week. Cybersecurity specialist Patrick Wardle discovered a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.