AppleInsider reports that Apple partially fixed vulnerability in macOS Big Sur allowing attackers to run arbitrary code via specially crafted email.
Vulnerability involves usage of file:// URL scheme, and currently Apple checks for it in case sensitive manner allowing attackers to use mixed cases. Proper fix is yet to come.
Do not open emails from untrusted sources!
Any interaction with malicious email could trigger remote code execution.
SSD Advisory: SSD Advisory – macOS Finder RCE
Reference: Apple partially patches new macOS Finder zero-day vulnerability
Recommendations
Developer:
QA engineer:
PM/DM: