Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape


In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system.

An attacker could create an exploit to escape the App Sandbox, with no user interaction required, for any sandboxed app that uses security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and would require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to its discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.

Source: Microsoft

