Immediate patching urged for macOS App Sandbox vulnerability

Microsoft has urged users of macOS devices to promptly apply patches to address a vulnerability in App Sandbox, tracked as CVE-2022-26706, which could be exploited to operate unrestricted on their systems, ZDNet reports. "We encourage macOS users to install these security updates as soon as possible. We also want to thank the Apple product security team for their responsiveness in fixing this issue," wrote Microsoft 365 Defender Research Team researcher Jonathan Bar Or. Microsoft has also provided proof-of-concept exploits along with the warning, which also noted that the vulnerability had been discovered after examining different ways for malicious macro execution and detection in Microsoft Office on macOS. "Our findings revealed that it was possible to escape the sandbox by leveraging macOS's Launch Services to run an open stdin command on a specially crafted Python file with the said prefix. Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data," said Microsoft.