Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters

file:// is blocked? Oh OK, we'll just use File:// or fiLE://...

Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem.…

from The Register