MS unveils exploit code for macOS sandbox escape vulnerability

Microsoft has published the exploit code for a vulnerability in macOS that can help an attacker bypass sandbox restrictions and run code on the system.

The company released the technical details for the security issue, currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules can be bypassed to allow malicious macro code in Word documents to execute commands on the machine.

Misusing macros in Office documents to deploy malware has long been an efficient and popular technique to compromise Windows systems.

The same could be achieved on macOS machines lacking the proper security updates, Microsoft warns in a report today.

“Jonathan Bar-Or of the Microsoft 365 Defender Research Team explains that the vulnerability was discovered while looking into methods to run and detect malicious macros in Microsoft Office documents on macOS,” according to Bleeping Computer.

To ensure backward compatibility, Microsoft Word can read and write files whose names begin with the prefix “~$,” as set out in the app’s sandbox rules.