Actu
Perception Point Researchers Discover Two MacOS Sandbox Escape Zero-Days
November 2021 by Perception Point
Perception Point offering fast interception of content-borne attacks as a service, announced today that its researchers uncovered two zero-day flaws in macOS. CVE-2021-30783, fixed in the Security Update 2021-005 Catalina, and CVE-2021-30864, now fixed in the latest macOS version 12.0.1. The vulnerabilities introduce a novel method to escape the MacOS process sandbox. This method has been confirmed, addressed and fixed by Apple.
The zero-day attacks abuse environment variables and custom-made mach-O messages to craft a forged request to authorize access beyond the security boundaries of the sandboxes process. Using these methods, an attacker can slip outside the gates and perform malicious activity in the name of the logged-in user. Such vulnerabilities can be used in an exploit chain to fully compromise a victim’s Apple computer with various techniques, including installing malware, ransomware or basically performing any action that the attacker can think of.
“In the past it was enough to exploit just one vulnerability to compromise a victim, but as security defenses evolve attackers are required to overcome numerous hurdles,” says Shlomi Levin, CTO at Perception Point. “These days, a chain of vulnerabilities is required to successfully compromise a victim. A sandbox escape vulnerability is crucial for executing a successful, complete exploit chain. Finding such vulnerabilities in MacOS indicates that no OS is fully secured or immune to attacks.”
MacOS Monterey version 12.0.1, released October 25, 2021, resolves different security exploits, including the aforementioned CVE-2021-30864. A fix for this CVE is available for Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later).
