Posts: 7,497
Threads: 326
Joined: Apr 2022
silvarios wrote:
[quote=Onamuji]
Yes and no.
It'd have to be in the form of an executable attachment or a link to a maliciously crafted website. Not just an attachment, but one that you'd download and run, perhaps because the email appears to be coming from a Nigerian prince who desperately needs you to escrow some money for him. (Might even need admin priv's to run.)
...Unless there's also a zero-day exploit for Apple Mail to auto-execute attachments like Windows mail clients do. Then we're all screwed.
That's a fair point, but if you combine it with the privilege escalation bug you just mentioned, wouldn't that work without requiring a password?
Yes, but you'd still need to take some sort of action to run an app, even if you didn't enter your admin password.
...Unless they combine it with a flash vulnerability to launch the app.
Posts: 21,452
Threads: 243
Joined: Sep 2016
Reputation:
0
Onamuji,
Thanks for the info.