Sandbox app bug hurts Apple devices

Microsoft announced on Thursday that it found security instability affecting some of Apple’s operating systems. The company patched the vulnerability, however, it could allow hackers to increase device privileges and deploy malware.

“An attacker could exploit this sandbox escape vulnerability to gain elevated privileges on an affected device or cause malicious commands such as installing additional payloads,” reports Jonathan Bar Or of the Microsoft 365 Defender Research Team.

Named CVE-2022-26706 (CVSS score: 5.5), this security instability affects iOS, iPadOS, macOS, tvOS, and watchOS operating systems, and Apple fixed it in May 2022.

The tech giant called this an access issue that affects the LaunchServices (launchd) component, noting that “sandboxed processes can bypass sandbox restrictions,” adding that it mitigated the issue with additional restrictions.

However, Apple’s Sandbox app is designed to regulate the entry of personal information and other people’s sabotage machines. “The main function of the sandbox is to contain damage to the user’s system and data when the user runs an infected application,” Apple explained.

Microsoft discovered the issue after several attempts to figure out a way to escape the sandbox and run commands not allowed on macOS. The company also discovered the instability when trying to compromise the system by hiding malicious code in specially designed Microsoft Office macros.