In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Apple releases iOS 12.1.4, fixes iPhone FaceTime spying bug
February 7, 2019
Apple has released iOS 12.1.4. It’s a patch that fixes a bug that allowed users to spy on others by activating a group FaceTime call without the user’s consent. What made this bug so serious was how trivial it was to leverage, and it forced Apple to pull the plug on the feature at the server ...
- Flaw in Multiple Airline Systems Exposes Passenger Data
February 7, 2019
Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at Wandera said that eight airlines have been sending ...
- New macOS zero-day allows theft of user passwords
February 6, 2019
A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system. In an interview to German tech site Heise, Linus Henze, the security researcher, says the vulnerability allows a malicious app running on a macOS system to get access to passwords stored inside the Keychain –the password management ...
- Android Phones Can Get Hacked Just by Looking at a PNG Image
February 6, 2019
Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile ...
- Your New Car Is A Hacker Magnet — Automotive Industry Disconnect To Blame
February 6, 2019
The car that you drive today is a far cry from those of just a decade ago and in many ways is now an internet-connected computer on wheels. This push towards connectivity and smart-motoring has seen the automotive manufacturing industry shift towards becoming as much about software as they are transportation. And that means it ...
- iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date
February 2, 2019
If you’re running iOS 12.1 or later on your iPhone, then the iOS 12.1.4 patch that’s coming next week is a must-have because it patches what the worst iOS bug to hit iPhone and iPad users to date. According to Apple, this patch will land “next week.” iOS 12.1.4 will fix a FaceTime bug that offered ...