Microsoft Details iOS, iPadOS, macOS App Sandbox Escape Bug



Microsoft on Wednesday revealed security flaws in Apple's operating systems that, if exploited, could allow attackers to gain control of a device and distribute malware.


Jonathan Bar Or of the Microsoft 365 Defender Research Team wrote in a blog post that "an attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on an affected device or execute malicious commands like installing additional payloads."


CVE-2022-26706 (CVSS score: 5.5) affects iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in the operating system updates of May 2022.




The tech giant said the problem affected the LaunchServices (launchd) component, where "a sandboxed process can circumvent sandbox restrictions," and that it could be mitigated by adding additional restrictions.


The vulnerability makes it possible to bypass the App Sandbox of Apple's operating systems, so that unauthorized apps can access system resources and user data.



The sandbox's primary function is to protect the system and the user's data in the event that a compromised app is executed, Apple explains in its documentation.



A successful attack on your app can still cause significant damage, but the sandbox limits your app to the minimum set of privileges it needs to function.




Microsoft discovered the flaw while examining how malicious code cloaked in an Office macro could circumvent macOS's sandbox and execute commands at will.




The tweet-sized proof-of-concept (PoC) developed by the tech giant uses the open command, a utility used to open files and launch apps, to run a Python payload containing malicious instructions.



While this may not seem significant, any file dropped by a sandboxed app is automatically tagged with the "com.apple.quarantine" extended attribute, which triggers a prompt that requires explicit consent from the user before the file is executed.




However, this restriction can be sidestepped by using the --stdin option of the open command with the Python exploit file.




As a result, "--stdin bypassed the 'com.apple.quarantine' extended attribute restriction, because there was no way for Python to know that the contents of its standard input originated from a quarantined file," Bar Or explained.
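
As an added example (not code from Microsoft or from this article), the following detection logic shows how a defender could flag the pattern described above in process-creation telemetry: a sandboxed Office app launching open with --stdin. The event schema, the parent process names and the sample events are assumptions constructed for illustration.

```python
import os

QUARANTINE = "com.apple.quarantine"
# Assumption: process names a sensor reports for sandboxed Office apps.
SANDBOXED_PARENTS = {"Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint"}

def stdin_path(argv):
    """Return the file passed to open's --stdin option, or None."""
    if not argv or os.path.basename(argv[0]) != "open":
        return None
    for i, arg in enumerate(argv[1:], start=1):
        if arg.startswith("--stdin="):
            return arg.split("=", 1)[1]
        if arg == "--stdin" and i + 1 < len(argv):
            return argv[i + 1]
    return None

def classify(event):
    """Return None, "review" or "alert" for one process-creation event."""
    path = stdin_path(event["argv"])
    if path is None or event["parent"] not in SANDBOXED_PARENTS:
        return None
    # The quarantine attribute stays on the file, not on the stream, so a
    # quarantined file fed through stdin is the case the article describes.
    xattrs = event.get("file_xattrs", {}).get(path, [])
    return "alert" if QUARANTINE in xattrs else "review"

def triage(events):
    """Return (pid, verdict) for every event that needs attention."""
    return [(e["pid"], v) for e in events if (v := classify(e))]

# Constructed sample telemetry (hypothetical schema: pid, parent, argv,
# file_xattrs); remaining open arguments are omitted from these samples.
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "Microsoft Word",
     "argv": ["/usr/bin/open", "--stdin", "/tmp/constructed/a.py"],
     "file_xattrs": {"/tmp/constructed/a.py": [QUARANTINE]}},
    {"pid": 102, "parent": "Microsoft Excel",
     "argv": ["/usr/bin/open", "--stdin=/tmp/constructed/b.txt"]},
    {"pid": 103, "parent": "Terminal",
     "argv": ["/usr/bin/open", "--stdin", "/tmp/constructed/c.py"]},
    {"pid": 104, "parent": "Microsoft Word",
     "argv": ["/usr/bin/open", "/tmp/constructed/report.docx"]},
    {"pid": 105, "parent": "Microsoft Word",
     "argv": ["/usr/bin/open", "--stdin"]},  # truncated argv: no path
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS):
        print(pid, verdict)
```
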
