Microsoft published exploit code for a macOS App sandbox escape flaw

Pierluigi Paganini July 14, 2022

Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox.

Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox.

“Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.” reads the post published by Microsoft.

Microsoft reported the issue to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. Apple addressed the CVE-2022-26706 flaw on May 16, 2022. 

“An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.” reads the description of this issue.

An attacker can trigger the flaw using a specially crafted Office document containing malicious macro code that allows to bypass sandbox restrictions and execute commands on the system.

The Apple App Sandbox provides protection to system resources and user data by limiting your app’s access to resources requested through entitlements.

Developers that want to distribute a macOS app through the Mac App Store must enable the App Sandbox capability.

Microsoft researchers demonstrated that using specially crafted codes could bypass the sandbox rules. An attacker could exploit the sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing malicious payloads.

“We found the vulnerability while researching potential ways to run and detect malicious macros in Microsoft Office on macOS. For backward compatibility, Microsoft Word can read or write files with an “~$” prefix.” reads the post. “Our findings revealed that it was possible to escape the sandbox by leveraging macOS’s Launch Services to run an open –stdin command on a specially crafted Python file with the said prefix.”

The root cause of the issue is backward compatibility, which allows Microsoft Word to read and write files with the prefix “~$.” . 

The experts first created a POC exploit to create a macro that launches a shell script with the Terminal app, bit it was captured by the sandbox because it was automatically given the extended attribute which prevents the execution by the Terminal. Then the experts tried using Python scripts, but the Python app had similar issues running files having the said attribute.

In one of the hacking attempts, the researchers created a proof-of-concept (PoC) that used the -stdin option for the open Command on a Python file to bypass the “” extended attribute restriction. In this way, there was no way for Python to determine that the contents from its standard input originated from a quarantined file.

“Our POC exploit thus became simply as follows:

  1. Drop a “~$” file with arbitrary Python commands.
  2. Run open –stdin=’~$’ -a Python, which runs the Python app with our dropped file serving as its standard input. Python happily runs our code, and since it’s a child process of launchd, it isn’t bound to Word’s sandbox rules.continues the post.

macos sandbox exploit

The researchers also developed a shorted version of the exploit code that can be included in a Twitter post:

macos sandbox exploit 2

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, macOS)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment