Security News

Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. Vm2 is the most popular Javascript sandbox library, with around 17.5 million monthly downloads.

"An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up. While Apple's App Sandbox is designed to tightly regulate a third-party app's access to system resources and user data, the vulnerability makes it possible to bypass these restrictions and compromise the machine.

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Google in the next few days plans to begin testing fenced frames, a proposed web API to help its Privacy Sandbox ad technologies meet commitments to privacy of a sort. Fenced frames are designed to take the place of inline frames, or iframes, for specific scenarios like delivering interest-based ads without betraying interest data to the web page in which they're embedded.

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "Early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.

Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. How to build your own malware sandbox? How to make your own malware sandbox.

This type of an environment is generally built to run risky files and determine whether those files represent a malware threat. Modern sandboxes allow companies or individuals to check any kind of files, including Microsoft Office files, PDF files and any executable file.

Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser's XSLT parameter processing.

Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy, said.