Employees who receive external e-mails typically receive information about which files are potentially dangerous. For example, EXE files are considered unsafe by default, as are DOCX and XLSX files, which can contain malicious macros. Text files, on the other hand, are generally considered harmless by design, because they cannot contain anything other than plain text. But that isn\u2019t always the case.<\/p>\n
Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn\u2019t actually the problem; it\u2019s the way programs handle TXTs.<\/p>\n
Researcher Paulos Yibelo highlighted<\/a> a curious way of attacking macOS computers through text files. Like many other protective solutions, macOS\u2019s built-in security system, Gatekeeper, views text files as completely trustworthy. Users can download and open them using the built-in editor TextEdit without additional checks.<\/p>\n However, TextEdit is somewhat more sophisticated than Microsoft Windows\u2019 Notepad. It can do more stuff, such as display text in bold, let users change the font color, and more. Because the TXT format is not designed to store style information, TextEdit takes on the additional technical information so it can handle the task. For example, if a file starts with the line <!DOCTYPE HTML><html><head><\/head><body>, TextEdit begins to handle HTML tags, even in a file with a .txt extension.<\/p>\n Essentially, writing HTML code into a text file that starts with that line forces TextEdit to process the code, or at least some elements of it.<\/p>\n After carefully examining all possibilities available to a potential attacker using this method, Yibelo found that the vulnerability enables:<\/p>\n The vulnerability was reported to Apple back in December\u00a02019, and it was assigned the number CVE-2019-8761<\/a>. Paulos Yibelo\u2019s post<\/a> provides more information about exploiting the vulnerability.<\/p>\n A 2020 update patched the CVE-2019-8761<\/a> vulnerability, but that\u2019s no guarantee no TXT-related bugs lurk in the software. There could be others that no one has worked out how to exploit\u00a0\u2014 yet. So, the correct answer to the question \u201cIs this text file safe?\u201d is something like: \u201cYes, for now. But stay vigilant.\u201d<\/p>\n Therefore, we recommend training all employees<\/a> to treat any file as a potential threat, even if it looks like a harmless text file.<\/p>\nAttacks possible through text files<\/h2>\n
\n
How to stay safe<\/h2>\n