macos-bug-could-let-malicious-code-break-out-of-application-sandbox

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads.

Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement, adding that Apple patched the vulnerability in its May 16 security update.

The team at Microsoft discovered the bug while researching malicious macros in Microsoft Office for macOS, they explained in a recent blog post.

“Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data,” the team wrote. “Therefore, collaboration between vulnerability researchers, software vendors, and the larger security community remains crucial to helping secure the overall user experience. This includes responsibly disclosing vulnerabilities to vendors.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related News

Top 6 Cell Phone Tracker Apps for Parental Control

Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure…
Moses Staff Hackers Publish Footage of Jerusalem Explosion

Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the…
Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares…