In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Lazarus Group used ActiveX zero-day vulnerability to attack South Korean security think tank
June 13, 2018
An ActiveX zero-day vulnerability used in attacks against a South Korean think tank has been connected to Lazarus Group. The target of these attacks was the Sejong Institute, a non-profit South Korean think tank which conducts research on national security. The private organization works with academic institutions worldwide. Read more… Source: ZDNet
- Bypass Glitch Allows Malware to Masquerade as Legit Apple Files
June 12, 2018
Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by attackers. Essentially, Apple makes an API available ...
- New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices
June 12, 2018
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) ...
- Zero-Day Flash Exploit Targeting Middle East
June 7, 2018
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by Adobe. Read more… Source: ThreatPost
- Researchers Warn of Microsoft Zero-Day RCE Bug
June 1, 2018
Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. Read more… Source: ...
- Microsoft, Google: We’ve found a fourth variant of Meltdown-Spectre CPU holes
May 21, 2018
A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers. These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, ...