<i>Apple's patch only partially addressed the flaw as it can still be exploited by changing the protocol used to execute the embedded commands from file:// to FiLe://</i><p>At some point some manager has to look at code like that and fire the developer: "You're too FUCKING STUPID to work here!!!".<p>Let the downvotes commence. But really, there's this eternal wailing and gnashing of teeth about hiring the right people. But then what? If they can't implement case-insensitive string checks then what, exactly, did they learn in 4 years of college?
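The quoted bypass (file:// rewritten as FiLe://) works against any check that compares the URL scheme case-sensitively. The sketch below is an added example, not Apple's code and not part of the comments; the function names, the allowlist contents and the sample URLs are assumptions made for illustration. It contrasts a case-sensitive denylist with an allowlist applied to the normalized scheme.

```python
import re

# RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), compared case-insensitively.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

ALLOWED_SCHEMES = {"http", "https"}  # assumption: what this hypothetical handler may open


def naive_is_blocked(url: str) -> bool:
    """Case-sensitive denylist, the kind of check the quoted bypass defeats."""
    return url.startswith("file://")


def scheme_of(url: str):
    """Return the lower-cased scheme, or None if the string has no valid scheme."""
    # Strip surrounding whitespace and control characters before parsing, so
    # padding cannot hide the scheme from the check.
    cleaned = url.strip(" \t\r\n\x00\x0b\x0c")
    m = _SCHEME_RE.match(cleaned)
    return m.group(1).lower() if m else None


def hardened_is_allowed(url: str) -> bool:
    """Allowlist on the normalized scheme: anything not explicitly permitted is refused."""
    return scheme_of(url) in ALLOWED_SCHEMES


# Constructed sample inputs (not taken from the advisory or from Apple's code).
SAMPLES = [
    "https://example.com/doc",
    "file:///Applications/Example.app",
    "FiLe:///Applications/Example.app",
    " file:///Applications/Example.app",
    "no-scheme-here",
]


def audit(samples):
    """Return (url, naive_blocks, hardened_allows) for each sample."""
    return [(u, naive_is_blocked(u), hardened_is_allowed(u)) for u in samples]


if __name__ == "__main__":
    for url, blocked, allowed in audit(SAMPLES):
        print(f"{url!r:45} naive_blocks={blocked!s:5} hardened_allows={allowed}")
```

The naive check blocks only the exact lower-case spelling, while the allowlist refuses every variant because it never has to enumerate the spellings it wants to reject.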
The news report seems to neglect to mention this requires the command execute something already available on the system and it doesn’t appear to allow passing arguments.<p>Would be useful in chaining exploits possibly?
Apple's QA for the non-obvious UI workflows is non-existent. Case in point - their MDM commands:<p>1. The inputs/outputs don't match the official documentation<p>2. Once you figure how to pass the command in such a way that it's accepted, it still doesn't work on many occasions<p>Honestly it's sad that Mac has become the de-facto machine for dev computers these days - I'd be much happier with a Linux box (if it weren't for the damn battery life of the M1 :-) ).<p>Edit: formatting