CopilotForXcode icon indicating copy to clipboard operation
CopilotForXcode copied to clipboard
verified publisher icon github

Command Injection

Open p3n7a90n opened this issue 3 months ago • 3 comments

Description

An attacker can execute arbitrary commands on the user's machine.

Version: 0.43.0

Technical Impact

An attacker can create a project containing a maliciously crafted file name. If a user opens the project in Xcode and interacts with the file using the Copilot extension, the command will be executed on the system.

Code Review

Image

The filepath parameter is used directly while opening the reference file in the code, leading to command injection.

Steps to reproduce

  1. Create a file with the following payload

main.swift";cat>xxd -r -p <<< 2f746d702f68657861616161;".swift

Image
  1. The file will be automatically attached to the Xcode chat editor.
  2. Send any message to interact with Copilot.
  3. Click on the referenced file. Command mentioned in the filename will be executed.
Image

I reported this to GitHub Security in version 0.31.0 but did not receive a response. I also reported the issue to the developer of the intitni repository, and they fixed it in the below commit

Image

https://github.com/intitni/CopilotForXcode/commit/9340275e615197fd7cd3ee8b2ed992893119b38d

Now I see that the vulnerable code is also used for agent mode. Since the issue is already public, I am sharing the details.

Image

p3n7a90n avatar Oct 01 '25 05:10 p3n7a90n

@p3n7a90n thanks for reporting. we will make a fix soon.

testforstephen avatar Oct 11 '25 07:10 testforstephen