July 15th: Microsoft releases exploit for macOS sandbox escape bug +++ New ransomware Lilith has first victims +++ Lenovo Notebook UEFi Firmware Vulnerabilities

Microsoft releases tweet-size exploit for macOS sandbox escape bug 

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine. Abusing macros in Office documents to deploy malware has long been an efficient and popular technique to compromise Windows systems. Microsoft reported the vulnerability to Apple last year in October and a fix was delivered with the macOS security updates in May 2022 (Big Sur 11.6.6). 

If you want to dig deeper, here is our source material for you to enjoy:

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 – Microsoft Security Blog 

Microsoft releases tweet-size exploit for macOS sandbox escape bug (bleepingcomputer.com) 

Attention: New ransomware Lilith has its first victims!

A new ransomware operation has been launched under the name ‚Lilith,‘ and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith performs double-extortions attacks, in which the threat actors steal data before encrypting devices. According to a report by researchers at Cyble who analyzed Lilith, the new family doesn’t introduce any novelties. Currently, it is not possible to say whether it will develop into a large-scale threat or a successful RaaS program. 

For more insights on the topic, feel free to check our sources below: 

New Ransomware Groups On The Rise

Lenovo Notebook UEFi Firmware Vulnerabilities 

Lenovo rolled out fixes to contain three security flaws in its UEFI firmware affecting more than70 product models. 

„The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,“ Slovak cybersecurity firm ESET said in a series of tweets. 

Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs relate to buffer overflow vulnerabilities. The bugs stem from an insufficient validation of an NVRAM. 

Do you want to know more? Here are our trusted sources: 

Lenovo Notebook BIOS Vulnerabilities – Lenovo Support US 

CVE – CVE-2022-1892 (mitre.org) 

CVE – CVE-2022-1891 (mitre.org) 

CVE – CVE-2022-1890 (mitre.org) 


Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.

Simeon Mussler

Wir helfen Ihnen gerne persönlich bei der Spezifikation Ihrer Cybersecurity Anforderungen:

+49 (0)711 811-91494
cybercompare@de.bosch.com

Jetzt anfragen