An exploit in macOS could allow hackers to bypass sandbox securities and execute code. Microsoft urges users to patch as soon as possible.
Microsoft researchers identified a flaw in macOS. The flaw allows hackers to bypass macOS’ Sandbox App and execute code on targeted systems. According to Apple, App Sandbox serves as the “last line of defence” against hacking, theft, deletion, and corruption of user data.
The Microsoft 365 Defender Research Team advises users to install Apple’s 16 May security updates for macOS. The flaw in App Sandbox can be found as CVE-2022-26706.
“We encourage macOS users to install these security updates as soon as possible”, said Jonathan Bar-Or from the Research Team of Microsoft 365 Defender. “We also want to thank the Apple product security team for their responsiveness in fixing this issue.”
Microsoft said that the vulnerabilities were found while researching possible ways to abuse and address malicious macros in Microsoft Office on macOS. “Our findings revealed that it was possible to escape the Sandbox by leveraging macOS’s Launch Services”, wrote one of the researchers. “Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data.”