Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed certain kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate system privileges and install additional malicious payloads.
Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement, adding that Apple patched the vulnerability in its May 16 security update.
The team at Microsoft discovered the bug while researching malicious macros in Microsoft Office for macOS, they explained in a recent blog post.
“Our research shows that even the built-in, baseline security measures in macOS could still be bypassed, potentially compromising system and user data,” the team wrote. “Therefore, collaboration between vulnerability researchers, software vendors, and the larger security community remains crucial to helping secure the overall user experience. This includes responsibly disclosing vulnerabilities to vendors.”