in

Hackers can use your Mac to exploit Microsoft Word security flaws

Reverse compatibility for troublesome Microsoft Word has shed light on a vulnerability in macOS that, if exploited, could allow threatening agents to run code at will, remotely. The vulnerability, tracked as CVE-2022-26706, allows for the circumvention of macOS Application Sandbox rules, which allow macros to be run in Word documents.

Hackers could use your Mac to exploit Microsoft Word security flaws
Hackers could use your Mac to exploit Microsoft Word security flaws

For years now, macros have been used by many threat agents to trick people into downloading malware (opened in new tabs) or ransomware, on their terminals. It came to a point when Microsoft decided to disable macros on all files outside the trusted network and made it quite difficult for ordinary Word users to turn them on.

Now, Microsoft is warning that this method could also be used on MacOS devices:

Execute arbitrary commands

The company explained: “Despite the security restrictions imposed by the Sandbox App rules on apps, attackers can still bypass the stated rules and let the malicious code “get out of the sandbox and execute arbitrary commands on an affected device.”

The vulnerability was discovered by the Microsoft 365 Defender Research Group and reportedly fixed by Apple on May 16.

App Sandbox is a technology embedded in macOS, which manages application access control. As the name suggests, its goal is to prevent any potential damage that a malicious application may cause and to protect sensitive data.

The problem starts with word’s backward compatibility. To make sure it works, the app can read or write files with the prefix “~$”. By taking advantage of macOS’ Launch Service, to run the open-stdin command on python files created specifically with this prefix, an attacker can bypass the sandbox, Microsoft further explained.

This method also allows threat agents to bypass “basic, built-in security features” in macOS, thereby affecting both the system and user data.

Microsoft has published a proof of concept, whose code is so simple that one can simply drop python files, with the aforementioned prefix, with arbitrary commands.

“Python happily runs our code, and since it’s a sub-process of launch, it’s not tied to Word’s sandbox rules,” Microsoft said in a statement.

Written by admin

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Microsoft has fixed dozens of potentially serious Azure security bugs

Microsoft has fixed dozens of potentially serious Azure security flaws

Ammonia could power the data centers of the future

Ammonia could power data centers in the future