Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS

A newly discovered vulnerability is challenging the long-held belief that macOS systems are inherently immune to malware.

Security researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have identified a critical flaw that allows threat actors to execute malicious code on Macs simply by processing a tampered image file.

ExifTool, a widespread open-source utility for reading and editing file metadata, sits at the heart of this issue.

Because the tool operates silently in the background of many larger digital asset management systems, forensic platforms, and media processing scripts, users may be vulnerable without realizing they are using it.

How the Exploit Triggers Code Execution

To exploit this vulnerability, attackers hide malicious shell commands within a specific metadata field of an image file, known as DateTimeOriginal.

While the photo itself appears completely normal to the naked eye, this metadata field is deliberately written in an invalid format to house the hidden payload.

The vulnerability, officially tracked as CVE-2026-3102, is a Remote Code Execution (RCE) flaw triggered by manipulated image metadata.

This security issue specifically affects ExifTool versions 13.49 and earlier and is limited to macOS environments.

The critical flaw was discovered and reported by security researchers at Kaspersky’s Global Research and Analysis Team (GReAT).

The attack relies on two specific conditions to execute the commands. First, the processing must happen on a macOS system.

Second, the ExifTool application or underlying library must run with the -n (or --printConv) flag enabled.

This specific command-line mode instructs the software to output machine-readable data exactly as it is, intentionally skipping the standard processing that translates metadata into human-readable formats.

When these conditions align, the system bypasses safety checks and blindly executes the shell commands.

In a real-world scenario, a media publication or forensics lab might receive a targeted document.

When their automated systems catalog the file and extract its metadata, the hidden commands silently trigger.

This initial breach allows attackers to download secondary payloads, such as infostealers or Trojans, compromising the device while the victim remains unaware.

Mitigations

Following the disclosure by Kaspersky researchers, the developer of ExifTool promptly released a patch.

Organizations and individual users must update their software workflows immediately to prevent potential exploitation.

To mitigate this threat, organizations should update ExifTool to version 13.50 or later and ensure no systems rely on vulnerable embedded versions.

Untrusted images should be processed in isolated environments, and organizations should deploy strong macOS security protections across all devices, including BYOD endpoints.

Because ExifTool is a foundational open-source component, organizations must also actively monitor their software supply chains using threat data feeds to identify outdated third-party libraries.
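
One way to carry out the version check described above, as an added example that is not from the article or the ExifTool project: a shell script that walks a directory tree for bundled copies of the ExifTool Perl library and flags any below 13.50. It assumes each copy ships an `ExifTool.pm` file containing a `$VERSION = '…';` line; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not ExifTool project code): find bundled copies of the
# ExifTool Perl library and flag versions older than the fixed 13.50 release.
# Assumption: each copy ships ExifTool.pm with a line like  $VERSION = '13.49';

FIXED_VERSION="13.50"

# pm_version FILE: print the version declared in an ExifTool.pm file.
pm_version() {
    sed -n "s/^[[:space:]]*[\$]VERSION[[:space:]]*=[[:space:]]*'\([0-9][0-9.]*\)'.*/\1/p" "$1" | head -n 1
}

# is_vulnerable VERSION: succeed when VERSION is numerically below the fix.
# ExifTool versions are decimal numbers, so a numeric comparison is enough.
is_vulnerable() {
    awk -v v="$1" -v fixed="$FIXED_VERSION" 'BEGIN { exit !((v + 0) < (fixed + 0)) }'
}

# audit_tree DIR: print one "STATUS version path" line per ExifTool.pm found.
# Returns 1 if any copy is vulnerable or has no readable version, else 0.
audit_tree() {
    rc=0
    list=$(mktemp) || return 2
    find "$1" -type f -name 'ExifTool.pm' 2>/dev/null > "$list"
    while IFS= read -r pm; do
        ver=$(pm_version "$pm")
        if [ -z "$ver" ]; then
            echo "UNKNOWN - $pm"; rc=1
        elif is_vulnerable "$ver"; then
            echo "VULNERABLE $ver $pm"; rc=1
        else
            echo "OK $ver $pm"
        fi
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Stand-alone use: sh audit.sh /Applications
# Also reports the exiftool CLI on PATH, if present, via its -ver option.
if [ "$#" -gt 0 ]; then
    if command -v exiftool >/dev/null 2>&1; then
        cli=$(exiftool -ver)
        if is_vulnerable "$cli"; then state=VULNERABLE; else state=OK; fi
        echo "$state $cli exiftool on PATH"
    fi
    audit_tree "$1"
fi
```

A non-zero exit status from `audit_tree` makes the script usable as a gate in a scheduled job or build pipeline.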

The post Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS appeared first on Cyber Security News.