In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Thousands of Sophos firewalls still vulnerable out there to hijacking
January 18, 2023
More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022. At the time, the vendor said the hole ...
- CISA Releases Four Industrial Control Systems Advisories
January 17, 2023
CISA released four Industrial Control Systems (ICS) advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-017-01 GE Proficy Historian ICSA-23-017-02 Mitsubishi Electric MELSEC iQ-F, iQ-R Series Read more… Source: U.S. Cybersecurity and ...
- Hackers exploit Cacti critical bug to install malware, open reverse shells
January 15, 2023
More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. Cacti is an operational and fault management monitoring solution for network devices that also provides graphical visualization. There are thousands of instances deployed across the world exposed on ...
- CISA Releases Twelve Industrial Control Systems Advisories
January 12, 2023
CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-012-01 Sewio RTLS Studio ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution ICSA-23-012-03 InHand Networks InRouter ICSA-23-012-04 Panasonic Sanyo ...
- Hackers exploit Control Web Panel flaw to open reverse shells
January 12, 2023
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The security issue is identified as CVE-2022-44877 and received a critical severity score of 9.8 out of 10 as it allows an attacker to execute code remotely without authentication. On January 3, ...
- Juniper Networks Releases Security Updates for Multiple Products
January 12, 2023
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency