Apple macOS TextEdit Parsing Flaw leaked local Files via Dangling

Apple macOS TextEdit
Share It On:

25th April 2021, Kathmandu

Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection

UPDATED A vulnerability in macOS allowed attackers to execute malicious HTML on TXT files which, if opened by victims, could leak its IP address and, worse, allow access to local files.

Now patched, the security flaw came from how TXT files were analyzed by TextEdit, Apple̵

7;s open-source application that opens TXT files by default.

Despite these developments – and the 2019 discovery of memory corruption bugs that led to RCE in Microsoft’s similar text editor, Notepad – antivirus software, firewalls, and macOS Gatekeeper treat TXT files “as secure downloads that can be malicious” because they allegedly contain only text, said security researcher Paulos Yibelo in a blog post.

“They should not blindly trust TXT files,” says the researcher The Daily Swig. Regardless of the file type, “what interprets the file and how it is interpreted means more than anything else.” TXT or another extension “can be harmful if PHP includes it as code,” he adds.


Share It On:

Recent Posts

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Share It On:21st November, Kathmandu Kumari Bank Limited has officially declared its intention to sell a substantial number of promoter

Up to NPR 150 Cashback on Nepal Telecom and Ncell Services with Namaste Pay

Up to NPR 150 Cashback on Nepal Telecom and Ncell

Share It On:21st November, Kathmandu Namaste Pay has unveiled an exciting new campaign to reward its users with cashback on

Ncell introduces innovative feature, enabling customers to convert voice to data or data to voice services

Ncell introduces innovative feature, enabling customers to convert voice to

Share It On:21st November, Kathmandu Ncell customers can enjoy an innovative feature that allows them to convert or exchange remaining

Genese Solution’s G-TEC: Empowering Women in Tech and Creating a Diverse Tech Workforce in Nepal

Genese Solution’s G-TEC: Empowering Women in Tech and Creating a

Share It On:21st November 2024, Kathmandu Genese Solution – a value IT consulting company, and Kageshwori Manohara municipality, have joined

Shikhar Insurance: Celebrating 20 Years of Service and Commitment to Nepali Customers

Shikhar Insurance: Celebrating 20 Years of Service and Commitment to

Share It On:21st November 2024, Kathmandu Shikhar Insurance had a grand celebration for their 20th Anniversary. On the occasion of

India’s Generative AI Startups: A Comprehensive Look at 2024’s Key Trends and Investments

India’s Generative AI Startups: A Comprehensive Look at 2024’s Key

Share It On:21st November 2024, Kathmandu As 2024 draws to a close, India’s generative AI ecosystem stands out as a