Hackers could use your Mac to exploit Microsoft Word security flaws

Backward compatibility for Microsoft Word causing trouble


Microsoft has shed light on a flaw in macOS that, if exploited, could allow threat actors who get a victim to open a malicious Word document to run arbitrary code on the machine. The flaw, tracked as CVE-2022-26706, enables the circumvention of macOS App Sandbox rules, letting code launched by a macro in a Word document escape the sandbox.

For years now, macros have been used by numerous threat actors to trick people into downloading malware, or ransomware, onto their endpoints. It has gotten to the point where Microsoft decided to block macros by default in files downloaded from the internet or otherwise coming from outside the trusted network, and to make it quite difficult for the average Word user to enable them.

Now, Microsoft is warning that the practice works on macOS devices as well:

Executing arbitrary commands

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes ‘escape’ the sandbox and execute arbitrary commands on an affected device,” the company explained.

The flaw was discovered by the Microsoft 365 Defender Research Team and reportedly fixed by Apple on May 16.

App Sandbox is a technology built into macOS that manages what an app is allowed to access. As the name suggests, its goal is to contain any potential damage a malicious or compromised app can do, and to safeguard sensitive data.


The problem starts with Word’s backward compatibility. To preserve it, Word’s sandbox profile allows the app to read and write files whose names begin with the “~$” prefix, the prefix Office uses for the temporary owner files it keeps beside open documents. By dropping a specially crafted Python file with this prefix and then using macOS’s Launch Services (the open command with its --stdin option) to feed that file to the Python interpreter, an attacker can run commands outside the sandbox, Microsoft further explained.


Microsoft added that this method also allows threat actors to bypass “built-in, baseline security features” in macOS, putting both system and user data at risk.

Microsoft published a proof-of-concept whose code is strikingly simple: a macro drops a Python file carrying the “~$” prefix with arbitrary commands inside, then hands it to Python through Launch Services.

“Python happily runs our code, and since it’s a child process of launchd, it isn’t bound to Word’s sandbox rules,” Microsoft said.
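Because the escape leaves a tell-tale artifact on disk, a practitioner’s first move is usually a hunt for it. The script below is an added example for this article; it is not Microsoft’s proof-of-concept, not Apple’s fix, and not code from the original piece. It walks a directory tree for files that carry Office’s “~$” owner-file prefix but look like interpreter input rather than a lock file (script extension, shebang, import lines, or an implausible size). The extension list, size limit, regex markers and the sample files it builds in a temporary directory are all assumptions constructed for the demonstration, not real incident data.

```python
"""Hunt for script files hiding behind Office's "~$" owner-file prefix.

Added example for this article, not Microsoft's PoC or Apple's patch.
Genuine "~$" files are small lock/owner records that Office writes next to an
open document; a "~$" file that is a script is the artifact the technique
above leaves behind. All thresholds and markers here are assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

# File types a "~$" owner file should never have (assumed list).
SCRIPT_EXTENSIONS = {".py", ".sh", ".rb", ".pl", ".js", ".command"}
# Real owner files hold a short username record; anything bigger is odd (assumed limit).
MAX_OWNER_FILE_SIZE = 1024
# Cheap content heuristics for interpreter input (assumed markers).
SCRIPT_MARKERS = re.compile(
    rb"^#!|^\s*(import|from)\s+\w|\bos\.system\(|\bsubprocess\.|\bexec\(|\bopen\s+--stdin",
    re.M,
)


def looks_like_script(path: Path) -> bool:
    """True if the file's name or its first bytes say "script", not "lock file"."""
    if path.suffix.lower() in SCRIPT_EXTENSIONS:
        return True
    try:
        head = path.read_bytes()[:4096]
    except OSError:
        return False
    return bool(head) and SCRIPT_MARKERS.search(head) is not None


def find_suspicious_owner_files(root: Path) -> list[Path]:
    """Walk root; return every "~$"-prefixed file that is oversized or script-like."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.startswith("~$"):
                continue
            path = Path(dirpath) / name
            try:
                oversized = path.stat().st_size > MAX_OWNER_FILE_SIZE
            except OSError:
                continue
            # Short-circuit keeps us from reading large files into memory.
            if oversized or looks_like_script(path):
                hits.append(path)
    return sorted(hits)


def build_sample_tree(root: Path) -> None:
    """Constructed fixture (not real data): one normal owner file, one planted script."""
    docs = root / "Documents"
    docs.mkdir(parents=True, exist_ok=True)
    # What Word itself leaves beside an open document: a short, opaque owner record.
    (docs / "~$report.docx").write_bytes(b"\x06jsmith" + b"\x00" * 47)
    # What the technique above would drop: a script hiding behind the allowed prefix.
    (docs / "~$report.py").write_text("import os\nos.system('id > /tmp/escaped')\n")
    # A normal document without the prefix must be ignored even though it is large.
    (docs / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 4096)


def demo() -> list[str]:
    """Build the fixture in a temp dir and return the basenames the hunt flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return [p.name for p in find_suspicious_owner_files(root)]


if __name__ == "__main__":
    for name in demo():
        print("suspicious ~$ file:", name)
```

On a real endpoint you would point find_suspicious_owner_files at the user’s home directory and the Office container paths rather than at a fixture, and treat a hit as a lead to be confirmed (which process created the file, whether Python or open was spawned from Word) rather than as proof of compromise on its own.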

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
