In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft issues emergency WSUS security patch – update now
October 24, 2025
Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild. As part of its most recent Patch Tuesday cumulative update (October 14, 2025), Microsoft addressed CVE-2025-59287, a “deserialization of untrusted data” flaw found in Windows Server Update Service (WSUS). WSUS allows IT admins to manage patching ...
- Hidden debug code returns from the dead as TP-Link routers face a wave of new critical root access flaws
October 23, 2025
Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security. The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as part of a recurring pattern of incomplete patching and residual debug code. Read more… Source: TechPro News Sign up ...
- Deep analysis of the flaw in BetterBank reward logic
October 22, 2025
From August 26 to 27, 2025, BetterBank, a decentralized finance (DeFi) protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in digital assets. Following on-chain negotiations, the attacker returned approximately $2.7 million in assets, mitigating the ...
- CISA warns high-severity Windows SMB flaw now exploited in attacks – update now
October 22, 2025
Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB. The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list on October 20. Thankfully, Microsoft has already issued ...
- Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems
October 15, 2025
Cybersecurity firm F5 Networks says government-backed hackers had “long-term, persistent access” to its network, which allowed them to steal the company’s source code and customer information. In a filing with the U.S. Securities and Exchange Commission on Wednesday, F5 said it now “believes its containment actions have been successful,” after first discovering the hackers in its ...
- Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
October 15, 2025
TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...