RenderShock Exploit Hits Windows, macOS With No Clicks

A newly discovered zero-click attack, dubbed the RenderShock exploit, hits Windows and macOS systems by executing malicious payloads through background processes without user interaction. Researchers at CYFIRMA found that the technique abuses passive file rendering features in operating systems, allowing attackers to trigger credential theft and code execution without requiring victims to open or click anything.

The RenderShock exploit hits Windows Explorer Preview Pane, macOS Quick Look, and file indexing services such as Windows Search Indexer and Spotlight. Threat actors craft LNK files, PDFs, and Office documents that activate upon preview, initiating outbound SMB connections and leaking NTLMv2 hashes. Advanced payloads use polyglot files, remote template injection, and poisoned ICC color profiles to bypass traditional defenses.

Security teams should disable preview panes, block outbound SMB traffic, and monitor processes like explorer.exe and quicklookd. These attacks highlight the risks of background file handling in modern systems.

Read the full article at https://cybersecuritynews.com/rendershock-0-click-vulnerability/