Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

macOS Finder RCE - 623

Park Minchan - SSD Posted 4 Years Ago
  • inetloc files are shortcuts for internet locations, such as RSS feeds. However, they can also contain a file:// URI.
  • When this is used with executables on macOS, the file is simply run! The POC is an extremely simple file that just runs the Calculator app on macOS. It should be noted that the POC has a file URI with a large number of slashes (/) in the XML file. However, only 3 are needed from my personal testing of the bug. I do not know why they would make such a confusing POC. Even when this is opened as an email attachment, arbitrary programs can be run.
  • The fix from Apple tried restricting the file URI. However, the validation did not account for case, even though URI schemes are case-insensitive! This meant that FIle:// could be used to bypass the check on newer versions.
  • This is a simple bug that is really easy to exploit. However, I think you would need a way to call a program with specific arguments in order to exploit this to allow for complete compromise. I wonder if the terminal can be called in this way?
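
The incomplete fix described above, shown from the defender's side as an added example (not code from the advisory or from Apple): a case-sensitive prefix check next to one that normalizes the scheme first, applied to .inetloc attachments. It assumes the .inetloc file is a property list holding its target as a string value; the function names and the `Example.app` path are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Schemes that should never appear in a shortcut from an untrusted source
# (assumed policy for this example).
BLOCKED_SCHEMES = {"file"}

def naive_is_blocked(url: str) -> bool:
    """Case-sensitive prefix match: the kind of check that FIle:// slips past."""
    return url.startswith("file://")

def is_blocked(url: str) -> bool:
    """Compare the parsed scheme in lowercase; RFC 3986 schemes ignore case.
    Parsing also makes the number of slashes after the colon irrelevant."""
    return urlsplit(url.strip()).scheme.lower() in BLOCKED_SCHEMES

def iter_strings(node):
    """Yield every string value in a parsed plist, at any nesting depth."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, (list, tuple)):
        for value in node:
            yield from iter_strings(value)

def scan_inetloc(data: bytes) -> list:
    """Return the strings in an .inetloc plist that carry a blocked scheme."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        return ["<unparseable plist>"]  # fail closed: quarantine what we cannot read
    return [s for s in iter_strings(plist) if is_blocked(s)]

def make_sample(url: str) -> bytes:
    """Constructed sample: a minimal XML plist with a single URL key."""
    return plistlib.dumps({"URL": url})

if __name__ == "__main__":
    for url in ("file:///Applications/Example.app",
                "FIle:///Applications/Example.app",
                "https://example.com/feed.rss"):
        hits = scan_inetloc(make_sample(url))
        print(f"{url!r}: naive={naive_is_blocked(url)} scan={bool(hits)}")
```
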