A new macOS vulnerability has been revealed, showing that someone’s IP address could be leaked using nothing but a TXT file. It’s since been patched.
While Apple’s macOS is generally a secure operating system, a new vulnerability was recently discovered that allows users’ IP addresses to be revealed using nothing more than a TXT file. The online world can be a dangerous place, and with every day that passes, it becomes increasingly important to traverse the digital landscape as safely as possible.
Apple is generally seen as a company with more secure products than its competitors, but that’s not to say it hasn’t run into its fair share of controversies. For example, last year it was reported that Apple’s T2 security chip in its Mac and MacBook computers could be exploited using the same tools that are used for jailbreaking an iPhone. That’s not to mention the countless software vulnerabilities that have popped up for iOS and macOS over the years, but to Apple’s credit, these things are typically addressed in a swift and effective manner.
In the case of this latest issue, Paulos Yibelo (a self-proclaimed ‘insane bug hunter’) has revealed a macOS vulnerability that allows HTML code to be inserted into TXT files to then reveal someone’s IP address. TXT files are usually completely harmless file types that contain nothing but text, but Yibelo was able to discover that’s not always the case. All users would need to do is open the harmful TXT file, and just like that, their IP address would be leaked. The good news is that Apple patched this in 2020, meaning if someone is running the latest build of macOS, they’re in the clear. Even so, it’s fascinating to learn how the vulnerability works — and how it could be used to cause serious damage.
How The Vulnerability Works & Why It Could Have Been Worse
The TextEdit app on macOS that’s used for opening and creating TXT files supports certain text customizations — such as making text bold or italicized. While that doesn’t seem like a big deal on paper, these customizations then result in the file being stored in the RTF format rather than TXT. macOS still sees the file as a TXT — resulting in it not being stopped by firewalls, anti-virus software, or Apple’s Gatekeeper security system — but it has all the functions of an RTF. This includes the ability to load it with actionable HTML code. As explained by Yibelo, “I found a TXT file force-downloaded from Tor browser, when opened can bypass Gatekeeper and leak the real IP address of the victim without any warning.”
Again, while this particular vulnerability has since been patched by Apple, it’s amazing to think that users could have their IP address compromised just because TextEdit allows bold and colored text. macOS users don’t have anything to worry about with this particular trick, but it serves as yet another reminder to approach everything with caution when going online.
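The mismatch described above (a file named .txt whose contents are really RTF or HTML markup) can be checked for during triage. The following is an added example, not code from Yibelo's report or from Apple's fix; the function names, the tag list and the sample byte strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

RTF_MAGIC = b"{\\rtf"
# Tags that indicate the content is meant to be rendered as HTML, not read as text.
HTML_HINT = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|style|script|iframe|img|link|meta)\b",
    re.IGNORECASE,
)
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")


def classify_txt(data: bytes, head: int = 4096) -> str:
    """Return 'rtf', 'html' or 'plain' for the leading bytes of a .txt file."""
    sample = data[:head]
    for bom in BOMS:
        if sample.startswith(bom):
            sample = sample[len(bom):]
            break
    # UTF-16 text carries NUL bytes between ASCII characters; drop them
    # so the byte patterns below still match.
    sample = sample.replace(b"\x00", b"").lstrip()
    if sample.startswith(RTF_MAGIC):
        return "rtf"
    if HTML_HINT.search(sample):
        return "html"
    return "plain"


def scan_directory(root: str) -> list[tuple[str, str]]:
    """List (path, kind) for every .txt file under root that is not plain text."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() != ".txt" or not path.is_file():
            continue
        with path.open("rb") as fh:
            kind = classify_txt(fh.read(4096))
        if kind != "plain":
            findings.append((str(path), kind))
    return findings


# Constructed samples, not taken from the original report.
SAMPLES = {
    "notes.txt": b"Meeting at 10. Bring the <draft> copy.\n",
    "styled.txt": b"{\\rtf1\\ansi Hello}\n",
    "page.txt": b"\xef\xbb\xbf  <!DOCTYPE html><HTML><body>hi</body></html>",
}
```

Calling `scan_directory` on a downloads folder returns only the .txt files whose content is markup, which can then be inspected in a plain-text viewer or hex dump rather than opened in a rendering editor.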
Source: Paulos Yibelo, Motherboard