Ncell

Apple macOS TextEdit Parsing Flaw leaked local Files via Dangling

Apple macOS TextEdit
Share It On:

25th April 2021, Kathmandu

Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection

UPDATED A vulnerability in macOS allowed attackers to execute malicious HTML on TXT files which, if opened by victims, could leak its IP address and, worse, allow access to local files.

Now patched, the security flaw came from how TXT files were analyzed by TextEdit, Apple̵

7;s open-source application that opens TXT files by default.

Despite these developments – and the 2019 discovery of memory corruption bugs that led to RCE in Microsoft’s similar text editor, Notepad – antivirus software, firewalls, and macOS Gatekeeper treat TXT files “as secure downloads that can be malicious” because they allegedly contain only text, said security researcher Paulos Yibelo in a blog post.

“They should not blindly trust TXT files,” says the researcher The Daily Swig. Regardless of the file type, “what interprets the file and how it is interpreted means more than anything else.” TXT or another extension “can be harmful if PHP includes it as code,” he adds.


Share It On:
Worldlink
NMB Bank

Recent Posts

See More
Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a

TVS Naya Yug Ko Aarambha 2024: Lucky Winners Announced

TVS Naya Yug Ko Aarambha 2024: Lucky Winners Announced

India’s EV Landscape Expands: Maruti and Mahindra’s Upcoming Launches

India’s EV Landscape Expands: Maruti and Mahindra’s Upcoming Launches

CG Motors Dashain Tihar Offer 2024: Chance to Win Big With Hero Motorcycles

CG Motors Dashain Tihar Offer 2024: Chance to Win Big

KTM Nepal’s Track Test Experience 2024: Uniting Enthusiasts For Thrills and Safety

KTM Nepal’s Track Test Experience 2024: Uniting Enthusiasts For Thrills

Great Himalayan Odyssey 2024: Bajaj Dominar’s First Motorcycle Journey to Ladakh

Great Himalayan Odyssey 2024: Bajaj Dominar’s First Motorcycle Journey to

NTA Passes Draft Regulation To Merge Telecommunications Service Provider Companies

NTA Passes Draft Regulation To Merge Telecommunications Service Provider Companies

ClassicTech “Toofan Offer” with High-Speed Internet Service in Nepal

ClassicTech “Toofan Offer” with High-Speed Internet Service in Nepal

National Measles-Rubella Campaign Resumes Inside Kathmandu Metropolitan City

National Measles-Rubella Campaign Resumes Inside Kathmandu Metropolitan City