Posted on 01/23/2017 8:34:42 PM PST by dayglored
Full read/write access was there for the taking
Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin.
The hole was patched 17 January.
Cavallarin says the flaw allowed remote attackers to execute arbitrary code on vulnerable machines if users did no more than click phishing links.
From there, attackers would gain read and write access to Mac home directories.
"Microsoft Remote Desktop Client for Mac OS X allows a malicious terminal server to read and write any file in the home directory of the connecting user," Cavallarin says.
"The vulnerability exists due to the way the application handles rdp urls. In the rdp url schema it's possible to specify a parameter that will make the user's home directory accessible to the server without any warning or confirmation request.
"If an attacker can trick a user to open a malicious rdp url, they can read and write any file within the victim's home directory."
Mac OS X apps like Safari, Mail, and Messages by default open clicked rdp urls without confirmation.
This drastically shortens the attack chain of most phishing attacks, which require users to be convinced by some form of narrative to open links and attachments, and then again to fill out personal data and credentials in fake forms.
Cavallarin included a proof-of-concept with his disclosure, increasing the need for users to apply the Microsoft updates.
[... video of the exploit at the article...]
Hey Swordmaker, this one is really for the Apple Ping List, since the app is a MacOS app, used to access Windows computers.
BTW, going back in my Mac’s update history, I see that my installation of this app was updated on Jan 19 along with a few others. So it is getting pushed out with the regular Mac updates, if you have already installed the app previously.
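As an added example (not from the article or from Cavallarin's disclosure), a defender-side check that a mail gateway or URL filter could run on rdp: links: it parses the documented rdp://key=type:value form and flags settings that hand local resources to the remote server. The page does not name the parameter involved; the example assumes the documented drivestoredirect setting is the drive-redirection control, and the sample links are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample links (not from the advisory).
SAMPLE_BENIGN = "rdp://full%20address=s:rds.example.test:3389&audiomode=i:2"
SAMPLE_RISKY = ("rdp://full%20address=s:rds.example.test:3389"
                "&drivestoredirect=s:*&redirectclipboard=i:1")

# Settings that hand local resources to the remote server. Assumption: the
# page names no parameter; 'drivestoredirect' is the documented RDP setting
# that controls drive redirection, the behaviour the advisory describes.
RISKY_KEYS = {
    "drivestoredirect": "local drives readable/writable by the server",
    "redirectclipboard": "clipboard shared with the server",
    "redirectprinters": "printers shared with the server",
}

def parse_rdp_url(url):
    """Parse rdp://key=type:value&... into {key: (type, value)}.

    Keys and values may be percent-encoded (full%20address); type is
    's' (string) or 'i' (integer). Unknown shapes raise ValueError so a
    gateway never silently passes a link it could not interpret.
    """
    m = re.match(r"^rdp://(.*)$", url, re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("not an rdp: URL")
    settings = {}
    for item in filter(None, m.group(1).split("&")):
        if "=" not in item:
            raise ValueError(f"malformed setting: {item!r}")
        key, typed = item.split("=", 1)
        if ":" not in typed:
            raise ValueError(f"setting without type: {item!r}")
        typ, value = typed.split(":", 1)
        settings[unquote(key).strip().lower()] = (typ.lower(), unquote(value))
    return settings

def assess_rdp_url(url):
    """Return human-readable findings; an empty list means nothing risky."""
    findings = []
    for key, (_typ, value) in parse_rdp_url(url).items():
        # Empty string or 0 means the redirection is off; anything else turns
        # it on (e.g. '*' for all drives, '1' for an enabled integer flag).
        if key in RISKY_KEYS and value not in ("", "0"):
            findings.append(f"{key}={value}: {RISKY_KEYS[key]}")
    return findings

if __name__ == "__main__":
    for link in (SAMPLE_BENIGN, SAMPLE_RISKY):
        print(link, "->", assess_rdp_url(link) or "ok")
```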