In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Apple patches macOS flaw exploited by malware to secretly snap screenshots
May 24, 2021
Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims’ Macs. The security flaw can also be potentially abused to access files and record video and audio from the computer. The iGiant has also released iOS and iPadOS 14.6, which fixes 43 CVE-listed security flaws and adding ...
- Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners
May 21, 2021
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...
- Open Source Vulnerabilities Converging DevOps & SecOps
May 20, 2021
Workplace evolution is in favor of traditional siloes being torn down and replaced with increased cross-functional collaboration, working in lockstep to deliver better outcomes. But it is not as easy as it sounds. Security and development teams have historically worked in siloes, which has created a long- standing disconnect between them. Both teams are responsible for ...
- Hackers scan for vulnerable devices minutes after bug disclosure
May 19, 2021
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure. Read more… Source: Bleeping Computer
- Windows PoC Exploit Released for Wormable RCE
May 19, 2021
A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys ...
- May Android security updates patch 4 zero-days exploited in the wild
May 19, 2021
According to info provided by Google’s Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month’s Android security updates were published. Read more… Source: Bleeping ...