TECHNO – Microsoft has recently discovered a vulnerability. The Microsoft 365 research team discovered the issue while investigating the risks of VBA macros on macOS.
The vulnerability bypasses the App Sandbox. This is a serious problem, because the App Sandbox is one of the most important measures against attacks on macOS.
App sandbox error
The app sandbox consists of rules for macOS app developers. If you want to publish apps in the Mac App Store, you have to follow the rules.
For example, the rules ensure that applications have limited access to user data. If an application contains a vulnerability, the damage will be limited.
The Microsoft team found a way to bypass the app sandbox. “An attacker could exploit a vulnerability to self-promote and run malicious code, such as a malware payload,” the researchers shared.
Apple release update
The vulnerability is listed as CVE-2022-26706. Microsoft notified Apple of this issue in October 2021. On May 16, 2022, Apple released a security update. The update is included in macOS Monterey 12.4.
If you’re running macOS 12.4 or later, you’re protected against this vulnerability. Otherwise, “we advise you to install the security update as soon as possible,” according to the researchers. “In addition, we would like to thank the Apple team for their response.”