The vulnerability in macOS makes it possible to bypass an application’s sandbox. App Sandbox is one of the most important measures against attacks on macOS.
The vulnerability was discovered by Microsoft. The Microsoft 365 Defender Research team found the issue while investigating risks VBA Macros on macOS.
The vulnerability is marginalizing App Sandbox. A serious problem, because App Sandbox is one of the most important measures against attacks on macOS.
Application protection mode
App Sandbox consists of rules for macOS app developers. If you want to publish an app to the Mac App Store, you have to follow the rules. For example, the rules ensure that the application has limited access to user data. If the app contains a vulnerability, the damage will be limited.
The team at Microsoft has found a way around the application sandbox. The researchers shared: “An attacker can exploit the vulnerability to enable itself and execute malicious code, such as a malware payload.”
The vulnerability is registered as CVE-2022-26706. Microsoft notified Apple of the issue in October 2021. On May 16, 2022, Apple released a security update. The update is integrated into macOS Monterey 12.4.
If you are running 12.4 or later, you are safe. If not, we encourage you to install security updates as soon as possible, According to the researchers. “In addition, we would like to thank the Apple team for their response.”
“Lifelong entrepreneur. Total writer. Internet ninja. Analyst. Friendly music enthusiast.”