Perception Point Researchers Discover Two MacOS Sandbox Escape Zero-Days

The published sandbox escape zero-days, recently patched by Apple, can fully compromise victims when used in an exploit chain

Perception Point, a leading email and cloud collaboration channel security company, offering fast interception of content-borne attacks as a service, announced today that its researchers uncovered two zero-day flaws in macOS. CVE-2021-30783, fixed in the Security Update 2021-005 Catalina, and CVE-2021-30864, now fixed in the latest macOS version 12.0.1. The vulnerabilities introduce a novel method to escape the MacOS process sandbox. This method has been confirmed, addressed and fixed by Apple.

The zero-day attacks abuse environment variables and custom-made mach-O messages to craft a forged request to authorize access beyond the security boundaries of the sandboxes process. Using these methods, an attacker can slip outside the gates and perform malicious activity in the name of the logged-in user. Such vulnerabilities can be used in an exploit chain to fully compromise a victim’s Apple computer with various techniques, including installing malware, ransomware or basically performing any action that the attacker can think of.

Marketing Technology News: Melissa Hammerle Appointed President of Intelex Technologies

“In the past it was enough to exploit just one vulnerability to compromise a victim, but as security defenses evolve attackers are required to overcome numerous hurdles,” says Shlomi Levin, CTO at Perception Point. “These days, a chain of vulnerabilities is required to successfully compromise a victim. A sandbox escape vulnerability is crucial for executing a successful, complete exploit chain. Finding such vulnerabilities in MacOS indicates that no OS is fully secured or immune to attacks.”

MacOS Monterey version 12.0.1, released October 25, 2021, resolves different security exploits, including the aforementioned CVE-2021-30864. A fix for this CVE is available for Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later). More details can be found in the MacOS Monterey 12.0.1 security content release notes.