However, Yibelo noticed that TextEdit also allows users to add basic text formatting (things like font color, bold or italic text, etc). Because these files only contain text, most firewall apps - and Gatekeeper itself - treat TXT files as harmless. TextEdit, the Mac’s built-in text editing app, is the default app used for handling TXT files (i.e. For this reason, Yibelo’s research is definitely still worth talking about! How does CVE-2019-8761 work? files that aren’t apps) can also cause serious security risks. Nevertheless, many Mac users are unaware that non-executable file types (i.e. So unless you’re running a version of macOS Catalina that hasn’t been updated in a very long time, you don’t have to worry about any direct threat from CVE-2019-8761. The research discussed in this article refers to a 2019 vulnerability that Apple has already patched. In this short article, we’ll discuss Yibelo’s research and say what it all means for Mac security. The bug could have allowed bad actors to craft malicious TXT files - files that, if opened, could have been used to execute HTML, leak user data, and more. This month, a security researcher named Paulos Yibelo published his write-up of CVE-2019-8761, a macOS TextEdit flaw that he discovered. TextEdit flaw could have let hackers create malicious TXT files
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |