
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, and a patch has been available since the release of macOS Monterey 12.4 in May. Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions and that improved environment sanitization resolved the issue. Reguła published details on the code needed to exploit the flaw, as well as a video demonstration of how a weaponized Word document can be used to escape the sandbox and execute code within the Terminal. An attacker could exploit this vulnerability to perform arbitrary code execution.

For a complete description of the vulnerabilities and affected systems, go to Apple Security Updates.
