Now patched macOS Calendar exploit let hackers steal data from iCloud

CAT September 13, 2024 1 min read

A security researcher has detailed an old hack in macOS that gave hackers full access to a user’s iCloud, needing only a calendar invite to succeed.

Lines of white programming code on a blue background, forming an irregular circular pattern in the center.

Even Apple’s Calendar app can be vulnerable

In 2022, security researcher Mikko Kenttala discovered a zero-click vulnerability within macOS Calendar that could allow attackers to add or delete files in the Calendar sandbox environment. The vulnerability allowed attackers to execute malicious code and access sensitive data stored on the victim’s device, including iCloud Photos.

The exploit starts with the attacker sending a calendar invite containing a malicious file attachment. The filename isn’t properly sanitized, which allows the attacker to perform a “directory traversal” attack, meaning they can manipulate the file’s path and place it in unintended locations.

Continue Reading on AppleInsider | Discuss on our Forums

Go Here to Read this Fast! Now patched macOS Calendar exploit let hackers steal data from iCloud

Originally appeared here:
Now patched macOS Calendar exploit let hackers steal data from iCloud

Tags: tech technews technology

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Related Stories

The Difference Between ML Engineers and Data Scientists

AirPods Max headphones unlikely to get any further upgrades

Siri engine to be fundamentally revamped across 2025, early 2026

You may have missed

The Difference Between ML Engineers and Data Scientists

AirPods Max headphones unlikely to get any further upgrades

Siri engine to be fundamentally revamped across 2025, early 2026

This fantastic 2-in-1 laptop I tested is highly recommended for office workers (and it’s on sale)