{"id":117881,"date":"2022-07-13T09:00:00","date_gmt":"2022-07-13T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=117881"},"modified":"2025-06-19T23:33:03","modified_gmt":"2025-06-20T06:33:03","slug":"uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/07\/13\/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706\/","title":{"rendered":"Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706"},"content":{"rendered":"\n

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure<\/a> (CVD) via Microsoft Security Vulnerability Research<\/a> (MSVR) in October 2021. A fix for this vulnerability, now identified as CVE-2022-26706<\/a>, was included in the security updates released by Apple on May 16, 2022. Microsoft shares the vulnerability disclosure credit with another researcher, Arsenii Kostromin (0x3c3e), who discovered a similar technique independently.<\/p>\n\n\n\n

We encourage macOS users to install these security updates as soon as possible. We also want to thank the Apple product security team for their responsiveness in fixing this issue.<\/p>\n\n\n\n

The App Sandbox is Apple\u2019s access control technology that application developers must adopt to distribute their apps through the Mac App Store. Essentially, an app\u2019s processes are enforced with customizable rules, such as the ability to read or write specific files. The App Sandbox also restricts the processes\u2019 access to system resources and user data to minimize the impact or damage if the app becomes compromised. However, we found that specially crafted codes could bypass these rules. An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads.<\/p>\n\n\n\n

We found the vulnerability while researching potential ways to run and detect malicious macros in Microsoft Office on macOS. For backward compatibility, Microsoft Word can read or write files with an \u201c~$\u201d<\/em> prefix. Our findings revealed that it was possible to escape the sandbox by leveraging macOS\u2019s Launch Services to run an open –stdin<\/em> command on a specially crafted Python file with the said prefix.<\/p>\n\n\n\n

Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data. Therefore, collaboration between vulnerability researchers, software vendors, and the larger security community remains crucial to helping secure the overall user experience. This includes responsibly disclosing vulnerabilities to vendors.<\/p>\n\n\n\n

In addition, insights from this case study not only enhance our protection technologies, such as Microsoft Defender for Endpoint<\/a>, but they also help strengthen the security strategies of software vendors and the computing landscape at large. This blog post thus provides details of our research and overviews of similar sandbox escape vulnerabilities reported by other security researchers that helped enrich our analysis.<\/p>\n\n\n\n

How macOS App Sandbox works<\/h2>\n\n\n\n

In a nutshell, macOS apps can specify sandbox rules for the operating system to enforce on themselves. The App Sandbox restricts system calls to an allowed subset, and the said system calls can be allowed or disallowed based on files, objects, and arguments. Simply put, the sandbox rules are a defense-in-depth mechanism that dictates the kind of operations an application can or can\u2019t do, regardless of the type of user running it. Examples of such operations include:<\/p>\n\n\n\n