Microsoft has urged users of macOS devices to promptly apply patches to address a vulnerability in App Sandbox, tracked as CVE-2022-26706, which could be exploited to operate unrestricted on their systems, ZDNet reports.
"We encourage macOS users to install these security updates as soon as possible. We also want to thank the Apple product security team for their responsiveness in fixing this issue," wrote Microsoft 365 Defender Research Team researcher Jonathan Bar Or. Microsoft has also provided proof-of-concept exploits along with the warning, which also noted that the vulnerability had been discovered after examining different ways for malicious macro execution and detection in Microsoft Office on macOS.
"Our findings revealed that it was possible to escape the sandbox by leveraging macOS's Launch Services to run an open stdin command on a specially crafted Python file with the said prefix. Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data," said Microsoft.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news