Microsoft Releases Exploit For MacOS Sandbox Escape Bug

July 14, 2022

Microsoft has released exploit code for a Sandbox Escape vulnerability in macOS. The vulnerability tracked as CVE-2022-26706 could allow attackers to bypass sandbox restrictions and execute code on the system.

The technical details of Microsoft explain how to avoid the macOS App Sandbox rules to allow malicious macro code in Word documents to execute commands on the machine.

Microsoft’s researchers discovered that using Launch Services to execute an open “-stdin” command on a special Python file with the prefix allows them to escape the App Sandbox on macOS, leading to system compromises.

The proof-of-concept (PoC) of the researchers uses the option “-stdin” for the open Command on a Python file to bypass the “com.apple quarantine” extended attribute restriction.

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes “escape” the sandbox and execute arbitrary commands on an affected device,” Microsoft said.

According to Jonathan Bar Or of the Microsoft 365 Defender Research Team, the vulnerability was discovered when investigating methods to execute and detect malicious macros in Microsoft Office documents on macOS.

The vulnerability was reported to Apple in 2021, and a fix was delivered with the macOS security updates in May 2022 (Big Sur 11.6.6).

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 19, 2026 AI systems approved for use by healthcare providers in Ontario are producing unreliable medical notes, including hallucinated more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn