Apple macOS TextEdit Parsing Flaw leaked local Files via Dangling

Apple macOS TextEdit
Share It On:

25th April 2021, Kathmandu

Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection

UPDATED A vulnerability in macOS allowed attackers to execute malicious HTML on TXT files which, if opened by victims, could leak its IP address and, worse, allow access to local files.

Now patched, the security flaw came from how TXT files were analyzed by TextEdit, Apple̵

7;s open-source application that opens TXT files by default.

Despite these developments – and the 2019 discovery of memory corruption bugs that led to RCE in Microsoft’s similar text editor, Notepad – antivirus software, firewalls, and macOS Gatekeeper treat TXT files “as secure downloads that can be malicious” because they allegedly contain only text, said security researcher Paulos Yibelo in a blog post.

“They should not blindly trust TXT files,” says the researcher The Daily Swig. Regardless of the file type, “what interprets the file and how it is interpreted means more than anything else.” TXT or another extension “can be harmful if PHP includes it as code,” he adds.


Share It On:
Worldlink
NMB Bank

Recent Posts

See More
Dursikshya Education Network Successfully Concludes Finals of Discovery Education & Edutech’s National Coding Competition – Nepal Edition

Dursikshya Education Network Successfully Concludes Finals of Discovery Education &

Share It On:22nd December 2024, Kathmandu Dursikshya Education Network, in collaboration with Edutech India, Discovery Education UK, and ICT Frame

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet Dialogue

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet

Share It On:21st December 2024, Kathmandu A high-level dialogue on child online protection organized by UNICEF, in partnership with ChildSafeNet,

Support Your NPL Team With Ncell’s Exclusive PRBTs

Support Your NPL Team With Ncell’s Exclusive PRBTs

Share It On:20th December 2024, Kathmandu As the finale of the Nepal Premier League (NPL), the ‘Festival of the Himalayas,’

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Share It On: 20th December 2024, Kathmandu Garima Bikas Bank has announced its decision to offer a cash dividend to

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital Payment Users

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital

Share It On: 20th December 2024, kathmandu Citizens Bank International Limited has formed a strategic partnership with SM Dental and

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access to Assistance

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access

Share It On: 20th December 2024, kathmandu Nabil Bank Limited has rolled out a new initiative to improve customer support

Nammi’s Meteoric Rise 300 Cars on Nepal Roads in a Month

Nammi’s Meteoric Rise 300 Cars on Nepal Roads in a

Hero MotoCorp Launches Xtreme 125R in Nepal

Hero MotoCorp Launches Xtreme 125R in Nepal

Yamaha Nepal Sales Skills Contest: Celebrating Excellence in Kathmandu

Yamaha Nepal Sales Skills Contest: Celebrating Excellence in Kathmandu

Barsha Basnet Wins 125cc Scooter Dirt Race at TVS Motosoul 2024

Barsha Basnet Wins 125cc Scooter Dirt Race at TVS Motosoul

Xpeng G6 Launched in Pokhara by CG Motors

Xpeng G6 Launched in Pokhara by CG Motors

Ncell Retailer Nagendra Prasad Ganesh Wins Bajaj Discover Bike in

Ncell Retailer Nagendra Prasad Ganesh Wins Bajaj Discover Bike in Retail Engagement Program

Ncell To Support Dhulikhel Hospital For Telemedicine

Ncell To Support Dhulikhel Hospital For Telemedicine

Nepal Telecom Promotes 4G SIM Throughout The Country

Nepal Telecom Promotes 4G SIM Throughout The Country