In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Three vulnerabilities in HDF5 file format could lead to remote code execution
August 16, 2022
Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5 gif2h5 tool that’s normally used to convert a GIF file to the HDF5 format, commonly used to store large amounts of ...
- RTLS systems vulnerable to MiTM attacks, location manipulation
August 16, 2022
Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used in industrial environments, mass transit, healthcare, and smart city applications. Its primary role is to assist in safety by defining geofencing zones using tracking tags, signal ...
- Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
August 16, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include: CVE-2022-24682 CVE-2022-27924 CVE-2022-27925 ...
- Over 9,000 VNC servers exposed online without a password
August 14, 2022
Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB ...
- Potential hack for some Boeing planes fixed
August 12, 2022
A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday. Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered ...
- Palo Alto Networks Releases Security Update for PAN-OS
August 10, 2022
Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service. CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds. Read more… Source: U.S. Cybersecurity and Infrastructure Security ...