Microsoft Releases PoC Code For MacOS App Sandbox Vulnerability

MacOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system.

Unfortunately, no system is bullet proof. There’s a way that a determined attacker could bypass sandbox restrictions and execute malicious code arbitrarily.  Engineers at Microsoft discovered the vulnerability, and independent security researcher Arsenii Kostromin discovered it independently.

Both groups responsibly disclosed their findings to Apple and the Microsoft team released the technical details along with a proof of concept that demonstrates how it works.

The vulnerability is being tracked as CVE-2022-26706, and the issue specifically relates to macros in Word documents opened on a machine running MacOS.  If that’s something you do on a regular basis, then it pays to be well versed in exactly how this vulnerability could be used against you.

Johnathan Bar Or is one of the researchers on the Microsoft 365 Defender Research Team.

Johnathan had this to say about the issue:

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes ‘escape’ the sandbox and execute arbitrary commands on an affected device.”

The good news is that the issue was discovered in October 2021, and Apple released a fix for it in May of 2022 in the Big Sur 11.6.6 update.

Even if you’ve disabled auto updates and are leery about applying OS patches to your system, this one deserves a place on your list.  It’s not an incredibly technical exploit, which means that most any hacker could pull it off. The longer you leave your system unpatched, the more danger you’re in.

Kudos to the Microsoft team and to Arsenii Kostromin for discovering and then promptly responsibly reporting the issue, and to Apple for moving with some haste to release a patch.