• Hackers could use your Mac to exploit Microsoft Word security fla

    From TechnologyDaily@1337:1/100 to All on Thu Jul 14 19:00:04 2022
    Hackers could use your Mac to exploit Microsoft Word security flaws

    Date:
    Thu, 14 Jul 2022 17:59:15 +0000

    Description:
    Backward compatibility for Microsoft Word causing trouble, and helping threat actors bypass the sandbox.

    FULL STORY ======================================================================

    Microsoft has shed light on a flaw in macOS that, if exploited, could allow threat actors to run arbitrary code remotely. The flaw, tracked as CVE-2022-26706, allows macOS App Sandbox rules to be circumvented, enabling macros in Word documents to run.

    For years now, numerous threat actors have used macros to trick people into downloading malware, or ransomware, onto their endpoints. It got to the point where Microsoft decided to disable macros on all files outside the trusted network and to make it quite difficult for the average Word user to enable them.

    Now, Microsoft is warning that the practice can also be used on macOS devices.

    Executing arbitrary commands

    "Despite the security restrictions imposed by the App Sandbox's rules on applications, it's possible for attackers to bypass the said rules and let malicious codes escape the sandbox and execute arbitrary commands on an affected device," the company explained.

    The flaw was discovered by the Microsoft 365 Defender Research Team and reportedly fixed by Apple on May 16.

    App Sandbox is a technology embedded in macOS that manages app access control. As the name suggests, its goal is to contain any potential damage that a malicious app can do, and to safeguard sensitive data.

    The problem starts with Word's backward compatibility. To make sure it works, the app can read or write files with a "~$" prefix. By leveraging macOS's Launch Services to run an open --stdin command on a specially crafted Python file with this prefix, the attacker can bypass the sandbox, Microsoft further explained.

    This method also allows threat actors to bypass built-in, baseline security features in macOS, compromising both system and user data as a result.

    Microsoft published a proof-of-concept whose code is so simple that one can simply drop a Python file, with the above-mentioned prefix, containing arbitrary commands.

    "Python happily runs our code, and since it's a child process of launchd, it isn't bound to Word's sandbox rules," Microsoft said.
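
    A defender's check for the artifact described above, as an added example that is not code from the article or from Microsoft: it walks a directory tree and flags files whose name starts with "~$" but which look like scripts rather than Word temporary files. The directory to scan, the suffix list and the shebang heuristic (which goes slightly beyond the Python case in the article) are assumptions, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

PREFIX = "~$"              # file-name prefix Word may read/write, per the article
SCRIPT_SUFFIXES = {".py"}  # the article's case is a Python file (assumed list)


def looks_like_script(path):
    """True if the file has a script suffix or begins with a shebang."""
    if path.suffix.lower() in SCRIPT_SUFFIXES:
        return True
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False  # unreadable file: cannot classify, do not flag


def find_suspicious(root):
    """Return sorted paths under root that carry the prefix and look like scripts."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            candidate = Path(dirpath) / name
            if name.startswith(PREFIX) and looks_like_script(candidate):
                hits.append(candidate)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: one lock-file-like blob, two script-like files
    with the prefix, and one ordinary script without it."""
    docs = root / "docs"
    docs.mkdir()
    (docs / "~$report.docx").write_bytes(b"\x05alice" + b"\x00" * 50)
    (docs / "~$helper.py").write_text("print('hello')\n")
    (docs / "~$notes.txt").write_text("#!/usr/bin/env python3\nprint(1)\n")
    (docs / "tool.py").write_text("print('ordinary script')\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for hit in find_suspicious(Path(tmp)):
            print("suspicious:", hit)
```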

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-could-use-your-mac-to-exploit-microsoft-word-security-flaws/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)