Image: Thomas Trutschel/Photothek via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
Nicholas Ptacek, a researcher who works for SecureMac, told Motherboard that he replicated and confirmed Yibelo's vulnerability on an older Mac. "An exploit capable of sending arbitrary data to a third party through something as innocent looking as a text file is yeah...this shows the importance of sanitizing input, especially in text-parsing applications," Ptacek told Motherboard in an online chat. "MacOS is kind of a hodge podge of systems when it comes to determining a file type and how a given application should attempt to parse the content."The good news is that, as long as you have an updated MacOS, you don't have to worry about this bug anymore. The bad news is that there may be more bugs in TextEdit. Yibelo said he found another one and he is in the process of finishing research on it and reporting it to Apple. Subscribe to our cybersecurity podcast CYBER, here.Do you research vulnerabilities on Apple's products? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com