Security News > 2022 > July > Microsoft releases PoC exploit for macOS sandbox escape vulnerability
Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system.
The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.
"Despite the security restrictions imposed by the App Sandbox's rules on applications, it's possible for attackers to bypass the said rules and let malicious codes"escape" the sandbox and execute arbitrary commands on an affected device" - Microsoft.
Jonathan Bar Or of the Microsoft 365 Defender Research Team explains that the vulnerability was discovered while looking into methods to run and detect malicious macros in Microsoft Office documents on macOS. To ensure backward compatibility, Microsoft Word can read and write files that come with the prefix "~$," which is defined in the app's sandbox rules.
After studying older reports [1, 2] about escaping the macOS sandbox, the researchers found that using Launch Services to run an open -stdin command on a special Python file with the abovementioned prefix allows escaping the App Sandbox on macOS, potentially leading to compromising the system.
Microsoft reported the vulnerability to Apple last year in October and a fix was delivered with the macOS security updates in May 2022.
News URL
Related news
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-26 | CVE-2022-26706 | Unspecified vulnerability in Apple products An access issue was addressed with additional sandbox restrictions on third-party applications. network apple | 4.3 |