In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
February 27, 2024
Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, and development of a mitigation bypass exploit targeting ...
- Malicious Apple Shortcuts could bypass security features to steal data
February 23, 2024
Apple Shortcuts could be used to steal sensitive data from Apple devices due to a high-severity vulnerability. Shortcuts is an app created by Apple that allows users to create customized task workflows on Apple devices and automate processes using a combination of built-in functions. Custom shortcuts can be exported and shared with other users, and shortcuts ...
- “To live is to fight, to fight is to live! – IBM ODM Remote Code Execution
February 22, 2024
In previous blogs, watchTowr researchers discussed some of the big players in the enterprise software space, but there is one that they have not mentioned before, that is – quite frankly – the heavy-weight champion of the world in terms of applications for large enterprises. With over a hundred years of experience, a founder and leader ...
- ClamAV’s VirusEvent Command Injection Vulnerability
February 22, 2024
SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized for its comprehensive suite of security solutions. It offers an array of features, including web and email scanning capabilities, endpoint security, ...
- re: Zyxel VPN Series Pre-auth Remote Command Execution
February 21, 2024
On January 25, 2024, SSD Secure Disclosure posted a disclosure titled Zyxel VPN Series Pre-auth Remote Command Execution. The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers attention. The Zyxel VPN series has appeared on the CISA KEV four times now, and the original disclosure didn’t mention a ...
- Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow
February 20, 2024
In today’s interconnected world, space technology forms the backbone of our global communication, navigation and security systems. Satellites orbiting Earth are pivotal for everything from GPS navigation to international banking transactions, making them indispensable assets in our daily lives and in global infrastructure. However, as our dependency on these celestial guardians escalates, so too does their ...