+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Proof of Concept Released for MacOS Vulnerability

The Microsoft 365 Defender Research Team have released a security warning to macOS users about a vulnerability they have discovered in Apple’s App Sandbox. The vulnerability tracked as CVE-2022-26706 was first uncovered in October 2021, however a new Proof of Concept (PoC) has been released by Microsoft in two formats, one of which is describe as a “tweetable PoC” due to its simplicity. 

Release of these PoCs mean that users could be more at risk of this form of attack as malicious actors now have access to information on how to successfully exploit this flaw. This vulnerability is present in macOS versions prior to Monterey 12.4, and macOS Big Sur 11.6.6. Apple’s security update released in May this year included a patch for this sandbox escape vulnerability.  

The App Sandbox is the name for the access control technology that Apple asks all app developers to use in order to conform to the guidelines that allow apps to be distributed through the Mac App Store. As Microsoft list Office applications on the Mac App Store, they must use this technology to set the rules for their applications too. These can include the ability to read and write different file types, and the level of restrictions placed on the apps as to how much of the user data and system resources they have access to. Microsoft stated that they discovered this vulnerability while researching ways to detect and run malicious macros in Microsoft Office documents when running on macOS.  

Exploitation of CVE-2022-26706 involves the attacker creating code that can bypass the rules established in the sandbox, resulting in a sandbox escape. This gives the attacker the ability to gain elevation of privileges on the affected device, as well as the freedom to execute malicious commands and instal additional payloads. The attack works by taking advantage of the macOS Launch Services to run an open-stdin command in a Python file, which then allows the attacker to escape the sandbox, circumvent all applied restrictions of the sandbox, and execute arbitrary code.  

A similar sandbox escape vulnerability, CVE-2021-30864, was discovered last year by Perception Point, also with a very simple PoC. This was patched in September 2021, and then disclosed by Apple in January of this year. The patch for CVE-2022-26706 has been applied in the following versions: tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, and macOS Monterey 12.4. All users running the latest OS versions should be safe from this form of attack. 

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.