macOS Finder Bug Lets Certain Files Run Arbitrary Commands

Researcher Park Minchan reported a bug within macOS Finder that lets certain files execute commands. It affects all versions of macOS up to Big Sur.

A vulnerability in the way macOS processes inetloc files causes it to run commands embedded inside. The commands it runs can be local to the macOS, allowing the execution of arbitrary commands by the user without any warning / prompts.

Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location; they contain the server address and possibly a username and password for SSH and telnet connections, and can be created by typing a URL in a text editor and dragging the text to the Desktop.
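A defender can triage shortcut files against the description above, since an .inetloc file is a property list whose `URL` key holds the target. The following is an added example, not code from the researcher or from Apple; the scheme allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: schemes a genuine Internet-location shortcut would use.
# Tune this to local policy; anything else is reported for review.
ALLOWED_SCHEMES = {"http", "https", "ftp", "ssh", "telnet", "feed",
                   "afp", "smb", "vnc"}

def inspect_inetloc(data: bytes) -> dict:
    """Parse the bytes of an .inetloc file and classify its target URL."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        # Not a valid XML or binary plist: treat as suspicious, not as safe.
        return {"verdict": "unparseable", "url": None, "scheme": None}
    url = plist.get("URL") if isinstance(plist, dict) else None
    if not isinstance(url, str) or not url.strip():
        return {"verdict": "no-url", "url": None, "scheme": None}
    # Lower-case the scheme so mixed-case spellings cannot slip past the list.
    scheme = urlsplit(url.strip()).scheme.lower()
    verdict = "ok" if scheme in ALLOWED_SCHEMES else "review"
    return {"verdict": verdict, "url": url, "scheme": scheme}

def scan(root) -> list:
    """Return (path, result) for every .inetloc under root that is not 'ok'."""
    findings = []
    for path in sorted(Path(root).rglob("*.inetloc")):
        result = inspect_inetloc(path.read_bytes())
        if result["verdict"] != "ok":
            findings.append((str(path), result))
    return findings

# Constructed samples: one ordinary network shortcut, one with a scheme
# that does not point at an Internet location.
SAMPLE_NETWORK = plistlib.dumps({"URL": "ssh://user@host.example"})
SAMPLE_OTHER = plistlib.dumps({"URL": "X-Local:/Applications/Example.app"})

if __name__ == "__main__":
    import sys
    for path, result in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(result["verdict"], result["scheme"], path)
```

Run it over download and mail-attachment directories; a "review" verdict means the shortcut targets something other than the network services these files were designed for.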

Jon Stewart Explains Why New Apple TV+ Series is Not ‘The Daily Show’

Jon Stewart is the cover star in the latest edition of The Hollywood Reporter [available with an Apple News+ subscription]. In an extensive interview, he explains why his new biweekly series coming to Apple TV+ is very much not The Daily Show.

I like that this is more of a conversation. It’s probably a terrible pitch for the show — “it’s The Daily Show, but less entertaining” — but also maybe more complete. And people will ask, “How are you going to live up to expectations?” Well, I’m not, and I never have. That’s not why we do it. We make things, and sometimes those things disappoint people and sometimes they really like them.

How Many Times Was The 'Ted Lasso' Intro Music Heard at The Emmys?

If you were watching the Emmys on Sunday you probably noticed the Ted Lasso intro music was played a lot. Luckily, Vulture kept score and shared exactly how many times viewers heard that now-famous “yeaaaah.”

Apple TV+’s lovable transatlantic football comedy Ted Lasso went into this year’s Emmy Awards ceremony as a record-breaker, with an unprecedented 20 nominations across various categories. But what the Emmys maybe failed to realize when they heaped those noms upon Ted Lasso was that every time one was announced during the ceremony, some anonymous wielder-of-the-aux (Reggie Watts, perhaps?) played the same few seconds of the show’s music — namely, the most famous yeeeeeeaahh to start off a theme song this side of CSI. So how many times did we hear that ripper of a note by *checks notes* Marcus Mumford? Really???

Claris Brings 'ECF Records Manager' to K-12 Schools

On Tuesday, Claris International announced the general availability of ECF Records Manager. It’s an app created to help K-12 schools and libraries meet the requirements of a new US$7 billion federal program to support remote learning.

The FCC’s ECF Program provides more than $7 billion in funding to help K-12 schools and libraries address the homework gap by purchasing tools and services that support remote learning. This program also requires schools and libraries to keep specific device or equipment data as well as user, usage and service information and “any and all” records related to applications for funding and reimbursement payments. Required data and documents must be kept for at least 10 years.

70% of People use the Same Password for Multiple Websites

A report of a survey (n=1,041) reveals that 70% of respondents said they reuse the same password for multiple websites.

The numbers above from our recent survey of 1,041 adults age 18 or older in the US say it all. A full 70% of the respondents admitted they use the same password for more than one thing—sometimes (25%), most of the time (24%), or all of the time (21%). If you don’t know why that’s bad, read on: When someone gets your password for just one service, they have your password for everything. Since most online accounts assign your email address as a username, it doesn’t take Mr. Robot to crack that code.

One of our recurring tips for Security Friday is to use a password manager. This helps you easily create unique, secure passwords for anything.

Here's Why iPhone 13 120Hz ProMotion Display Matters

Rebecca Isaacs has written a helpful explainer about the iPhone 13’s 120Hz display and why it matters for customers.

One of the major selling points of this technology is that it allows you to dynamically vary refresh rates based on what you’re doing. For instance, basic web browsing can be handled at an undemanding 10Hz to 60Hz, while gaming can take advantage of the full 120Hz. The Apple Watch can even hit a low of 1Hz with the always-on screen.

Crypto Miners Most Detected Malware Type in 2021

A report on Tuesday found that crypto-mining malware was the most detected malware type in the first half of 2021.

The most active cryptocurrency miner in the first half of 2021 was MalXMR, with 44,587 detections. MalXMR is a crypto-mining malware that exploited EternalBlue for propagation and abused Windows Management Instrumentation (WMI). During the infection, high CPU utilization can be noticed with powershell.exe or schtasks.exe.

Plugging a service I use: NextDNS. There’s a toggle you can turn on to “Prevent the unauthorized use of your devices to mine cryptocurrency.”

Alaska Health Service Attacked by Nation-State Cyber Attacker

The Department of Health and Social Service (DHSS) disclosed that it was the victim of a sophisticated cyberattack from a nation-state level actor.

Citing an investigation conducted together with security firm Mandiant, DHSS officials said the attackers gained access to the department’s internal network through a vulnerability in one of its websites and “spread from there.”

Officials said they believe they have expelled the attacker from their network; however, there is still an investigation taking place into what the attackers might have accessed.