[MART] - Daily Diary #552 - Microsoft discloses macOS vulnerabilities

[CTAS-MAT]

Hello,
I hope everyone is doing well!

Below is the entry for today.

07/14/2022 - Daily Diary #552

This week, Microsoft publicly disclosed a vulnerability in macOS App Sandbox. Tracked under CVE-2022-26706, the vulnerability allows crafted code to escape the App Sandbox and run unrestricted on the system.

App Sandbox is a feature present in Apple operational systems, with the goal to restrict access to system resources and user data if an app is malicious or compromised. By escaping the App Sandbox, a malicious code can spawn new processes and get access to system resources it shouldn't have access to.

Microsoft discovered the vulnerability when researching vulnerabilities that could be exploited through Microsoft Office macros. That means outdated systems can be exploited by opening an infected office document, usually spammed through e-mail.

The vulnerability was reported to Apple in October 2021, and fixed in May 2022. It affected not only macOS, but also multiple versions of IpadOS, iOS and tvOS.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Manager, MART
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220714/833afd14/attachment.htm>