
Security researcher highlights macOS remote exploit w/ custom URL schemes

posted on September 4, 2018
by l33tdawg
Credit: 9 to 5 Mac

Security researchers look at how macOS users can be remotely targeted using document handlers and custom URL schemes – which are behind the “Do you want to allow” popup seen in the above screenshot.

Patrick Wardle explains how a custom APT abuses URL schemes to remotely infect macOS targets

On macOS, applications can “advertise” that they can support (or ‘handle’) various document types and/or custom URL schemes. Think of it as an application saying, “hey, if a user tries to open a document of type foo or a URL with a scheme of bar, I got it!”

You’ve surely encountered this on macOS. For example, when you double-click a .pdf document, Preview.app is launched to handle the document. Or, when you click a link in a browser to an application that lives in the Mac App Store, App Store.app is launched to process that request.
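An application advertises these handlers in its bundle's Info.plist, under the CFBundleURLTypes and CFBundleDocumentTypes keys. The following audit script is an added example, not code from the article or from Patrick Wardle's research: it lists the app bundles in a folder that declare URL schemes outside an allowlist. The sample plist, the com.example.sample identifier and the KNOWN_SCHEMES allowlist are constructed assumptions.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Constructed sample Info.plist for a hypothetical app (not from a real bundle).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.sample</string>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLSchemes</key><array><string>bar</string></array>
  </dict></array>
  <key>CFBundleDocumentTypes</key><array><dict>
    <key>CFBundleTypeExtensions</key><array><string>foo</string></array>
  </dict></array>
</dict></plist>"""

# Assumption: schemes the reviewer already expects; tune this for your own fleet.
KNOWN_SCHEMES = {"http", "https", "mailto", "file"}

def declared_handlers(info):
    """Return (url_schemes, doc_extensions) that a parsed Info.plist advertises."""
    schemes = {s.lower() for t in info.get("CFBundleURLTypes", [])
               for s in t.get("CFBundleURLSchemes", [])}
    exts = {e.lower() for t in info.get("CFBundleDocumentTypes", [])
            for e in t.get("CFBundleTypeExtensions", [])}
    return sorted(schemes), sorted(exts)

def audit_apps(root, known=KNOWN_SCHEMES):
    """List bundles under root that advertise URL schemes outside the allowlist."""
    findings = []
    for path in sorted(Path(root).glob("*.app/Contents/Info.plist")):
        try:
            info = plistlib.loads(path.read_bytes())
        except (OSError, ValueError, ExpatError):
            continue  # unreadable or malformed plist: skip rather than abort the scan
        if not isinstance(info, dict):
            continue
        schemes, exts = declared_handlers(info)
        unexpected = [s for s in schemes if s not in known]
        if unexpected:
            findings.append((info.get("CFBundleIdentifier", path.parts[-3]), unexpected, exts))
    return findings

if __name__ == "__main__":
    for bundle_id, schemes, exts in audit_apps("/Applications"):
        print(f"{bundle_id}: url schemes={schemes} document extensions={exts}")
```

Pointing audit_apps at any folder that holds .app bundles gives the same report for that location.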
