macOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system.

Unfortunately, no system is bulletproof. A determined attacker could bypass the sandbox restrictions and execute arbitrary malicious code. Engineers at Microsoft discovered the vulnerability, and security researcher Arsenii Kostromin found it independently.

Both groups responsibly disclosed their findings to Apple, and the Microsoft team released the technical details along with a proof of concept that demonstrates how it works.

The vulnerability is tracked as CVE-2022-26706, and the issue specifically relates to macros in Word documents opened on a machine running macOS. If that's something you do on a regular basis, it pays to be well versed in exactly how this vulnerability could be used against you.

Jonathan Bar Or is one of the researchers on the Microsoft 365 Defender Research Team.

Jonathan had this to say about the issue:

"Despite the security restrictions imposed by the App Sandbox's rules on applications, it's possible for attackers to bypass the said rules and let malicious codes 'escape' the sandbox and execute arbitrary commands on an affected device."

The good news is that the issue was discovered in October 2021, and Apple released a fix for it in May of 2022 in the Big Sur 11.6.6 update.

Even if you've disabled auto updates and are leery about applying OS patches to your system, this one deserves a place on your list. It's not an incredibly technical exploit, which means that almost any hacker could pull it off. The longer you leave your system unpatched, the more danger you're in.

Kudos to the Microsoft team and to Arsenii Kostromin for discovering and then promptly and responsibly reporting the issue, and to Apple for moving with some haste to release a patch.

 


Used with permission from Article Aggregator