Microsoft Releases Exploit For MacOS Sandbox Escape Bug


Microsoft has released exploit code for a sandbox escape vulnerability in macOS. The vulnerability, tracked as CVE-2022-26706, could allow attackers to bypass sandbox restrictions and execute code on the system.

Microsoft’s technical write-up explains how the macOS App Sandbox rules can be bypassed so that malicious macro code in Word documents can execute commands on the machine.

Microsoft’s researchers discovered that using Launch Services to run the open command with the “--stdin” option on a special Python file with the prefix allows them to escape the App Sandbox on macOS, leading to system compromise.

The researchers’ proof of concept (PoC) uses the “--stdin” option of the open command on a Python file to bypass the “com.apple.quarantine” extended attribute restriction.

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes “escape” the sandbox and execute arbitrary commands on an affected device,” Microsoft said.

According to Jonathan Bar Or of the Microsoft 365 Defender Research Team, the vulnerability was discovered when investigating methods to execute and detect malicious macros in Microsoft Office documents on macOS.

The vulnerability was reported to Apple in 2021, and a fix was delivered with the macOS security updates in May 2022 (Big Sur 11.6.6).

The sources for this piece include an article in BleepingComputer.
