https://thehackernews.com/2022/07/microsoft-details-app-sandbox-escape.html
A sandboxed process may be able to circumvent sandbox restrictions
Microsoft finally shed light on a recently patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware.
"An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up.
Tracked as CVE-2022-26706 (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022.
"-stdin bypassed the 'com.apple.quarantine' extended attribute restriction, as there was no way for Python to know that the contents from its standard input originated from a quarantined file," Bar Or said.
While Apple's App Sandbox is designed to tightly regulate a third-party app's access to system resources and user data, the vulnerability makes it possible to bypass these restrictions and compromise the machine.