A security researcher has detailed an old hack in macOS that gave hackers full access to a user’s iCloud, needing only a calendar invite to succeed.Even Apple’s Calendar app can be vulnerableIn 2022, security researcher Mikko Kenttala discovered a zero-click vulnerability within macOS Calendar that could allow attackers to add or delete files in the Calendar sandbox environment. The vulnerability allowed attackers to execute malicious code and access sensitive data stored on the victim’s device, including iCloud Photos.The exploit starts with the attacker sending a calendar invite containing a malicious file attachment. The filename isn’t properly sanitized, which allows the attacker to perform a “directory traversal” attack, meaning they can manipulate the file’s path and place it in unintended locations. Continue Reading on AppleInsider | Discuss on our Forums
Go to Source
Author: