Microsoft detects flaw in macOS sandboxing, Apple fixes it

As is regularly the case, Microsoft’s security research teams have warned Apple of a security flaw in macOS. The vulnerability (CVE-2022-26706) was fixed in mid-May by macOS 12.4, with security updates for Catalina and Big Sur delivered at the same time.

If you haven’t already done so, apply these updates immediately. It was while looking for ways to detect malicious macros in Office that Microsoft discovered a flaw in the sandboxing applied to software distributed on the Mac App Store (as is the case for the Office suite). The flaw makes it possible to escape the sandbox, which is supposed to limit access to user data and the system when an app is compromised.

The Microsoft research team developed two proofs of concept exploiting the flaw, one of which could fit in a tweet! Once alerted, Apple worked on the fix with the help of the researchers, and all’s well that ends well, as long as you have updated your Mac, of course.
