Immediate patching urged for macOS App Sandbox vulnerability

Microsoft has urged macOS users to promptly apply patches for a vulnerability in App Sandbox, tracked as CVE-2022-26706, that could be exploited to escape the sandbox and operate unrestricted on their systems, ZDNet reports. "We encourage macOS users to install these security updates as soon as possible. We also want to thank the Apple product security team for their responsiveness in fixing this issue," wrote Microsoft 365 Defender Research Team researcher Jonathan Bar Or.

Microsoft has also provided proof-of-concept exploits along with the warning, which noted that the vulnerability was discovered while examining different ways to run and detect malicious macros in Microsoft Office on macOS. "Our findings revealed that it was possible to escape the sandbox by leveraging macOS's Launch Services to run an open stdin command on a specially crafted Python file with the said prefix. Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data," said Microsoft.
