"Independent security researcher Park Minchan found that prefacing a link in an inetloc file with "file://" instead of "http://" or "https://" made it possible to run arbitrary code on — i.e. hack — any Mac running fully updated macOS 11.6 Big Sur. (The "file://" prefix specifies a file on the local PC.)"
""These files can be embedded inside emails which, if the user clicks on them, will execute the commands embedded inside them without providing a prompt or warning to the user," said an unsigned posting today (Sept. 21) on the SSD-Disclosure bug-reporting website."
""These files can be embedded inside emails which, if the user clicks on them, will execute the commands embedded inside them without providing a prompt or warning to the user," said an unsigned posting today (Sept. 21) on the SSD-Disclosure bug-reporting website."