In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
September 30, 2024
Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at risk, but they can ...
- Proactive Visibility Is Foundational to Strong Cybersecurity
September 30, 2024
Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital infrastructure connected to an organization’s environment. Gaps in that view create risk exposure. Organizations must proactively identify anything that ...
- Multiple Vulnerabilities in Common Unix Printing System (CUPS)
September 27, 2024
On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...
- Zooming in on CVE‑2024‑7965
September 19, 2024
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...
- Malware exploits braille characters to breach Windows security flaws
September 16, 2024
The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files. In the most recent Patch Tuesday cumulative update, Microsoft addressed a flaw described as “Windows MSHTML spoofing vulnerability”, ...
- Multiple Vulnerabilities in Veeam Backup & Replication
September 9, 2024
On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution. Notably, upon initial disclosure, the Veeam advisory listed the ...