The risk of .DS_Store

The .DS_Store file is created automatically by macOS when a user opens a folder with Finder, the default macOS file manager. The file contains information about which files are in the folder, along with display options such as what icons look like.

In most cases this isn’t a big deal, but there are situations where the presence of such files becomes problematic (or an opportunity, depending on whose side you are on).

.DS_Store is not up to date
There are roughly two scenarios where a .DS_Store can cause problems. The first stems from the fact that the .DS_Store is only updated by Finder. Suppose you create a file “secret-plan-to-overthrow-the-government.docx” and save it to a USB stick. Later you delete the document using a Windows computer. In that case the .DS_Store is not updated, and anyone who looks inside it can see that this file was once present. The content of the document is not in the .DS_Store, but the name of the deleted file is. Someone who finds the USB stick can then decide to try to recover the deleted file.

.DS_Store is located on a web server
Another problem can arise when a folder is uploaded from an Apple computer to a website. Normally a visitor cannot see what is in that folder. If you go to www.example.com/ you cannot see which files are on that website; you only see the index file. It is a bad idea to save files with sensitive data in the web root without protecting them, but suppose you have a backup of the database in that folder, backup-05-01-2021-awesome-project.sql. There is a good chance that nobody will ever find that backup because of the long name. It is a different story when this file is also listed in the .DS_Store. Then the name is easy to read and you run the risk of a data breach.

Contents of the file
The .DS_Store contains binary data, which means that you cannot read the file with a standard text editor. intelx.io has a handy online tool that can read such files.

What can you do to prevent a data breach
The simplest fix is of course to delete the .DS_Store file. Are you a software developer using Git? Then it is wise to add .DS_Store to your .gitignore file.
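To check a web root or USB stick before it leaves your hands, the following added example (not part of the original article) finds every .DS_Store under a directory and reports which recorded names no longer exist on disk. It assumes the commonly documented record layout (4-byte big-endian name length, UTF-16BE name, 4-byte structure ID, 4-byte type code) and scans for it heuristically instead of walking the file's internal tree; the function names `recorded_names`, `audit` and `sample_store` are hypothetical.

```python
import os
import re
import struct

# Record tail: 4-byte structure ID (printable ASCII) + one of these type codes.
TYPES = (b"blob", b"bool", b"long", b"shor", b"type", b"ustr", b"comp", b"dutc")
TAIL = re.compile(rb"[\x20-\x7e]{4}(?:" + b"|".join(TYPES) + rb")")

def recorded_names(data):
    """Heuristically list file names recorded in raw .DS_Store bytes."""
    names = set()
    for m in TAIL.finditer(data):
        for n in range(1, 256):  # candidate name length in UTF-16 units
            start = m.start() - 2 * n
            if start < 4:
                break
            if struct.unpack(">I", data[start - 4:start])[0] != n:
                continue
            try:
                name = data[start:m.start()].decode("utf-16-be")
            except UnicodeDecodeError:
                continue
            if name.isprintable():
                names.add(name)
                break
    return names

def audit(root):
    """Map each .DS_Store under root to recorded names and stale ones."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if ".DS_Store" not in files:
            continue
        path = os.path.join(folder, ".DS_Store")
        with open(path, "rb") as fh:
            names = recorded_names(fh.read())
        stale = names - set(os.listdir(folder))
        report[path] = {"recorded": sorted(names), "stale": sorted(stale)}
    return report

def sample_store(names):
    """Constructed test bytes: record layout only, not a full valid file."""
    body = b"\x00\x00\x00\x01Bud1"
    for name in names:
        body += struct.pack(">I", len(name)) + name.encode("utf-16-be")
        body += b"Ilocblob" + struct.pack(">I", 16) + bytes(16)
    return body

if __name__ == "__main__":
    print(audit("."))  # audit the current directory
```

Any path in the report is a .DS_Store that should be deleted before publishing; a non-empty "stale" list shows names of files that were removed without Finder updating the record.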
