This content is viewable by Everyone
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability
Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions, and that improved environment sanitization resolved the issue. Reguła published details on the code needed to exploit the flaw, as well as a video demonstration on how a weaponized Word document can be used to escape the sandbox and execute code within the Terminal. An attacker could exploit this vulnerability to perform arbitrary code execution.
For a complete description of the vulnerabilities and affected systems go to Apple Security Updates.