![]() Additionally, as the file in question is not an exe, it’s less likely to be scanned. It’s given credibility by the company’s certificate and ignored by many AV products. By naming the malware Program, attackers could run a malicious file via Apple’s service. In this case, the unquoted path was “C://Program ‘Files’…”. ![]() This opens an avenue for attackers to exploit. “Software developers are using more and more object-oriented programming, and many times when assigning a variable with a path, they assume that using the String type of the variable alone is enough – well it’s not! The path still needs to be surrounded by quotes (‘\’).” ![]() The Apple software suite contains an unquoted path vulnerability, which Morphisec describes as such: The flaw resides in Apple’s use of Bonjour, a program it initially created for Mac that handles hostname resolution and other networking tasks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |