Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability [CVE-2022-26696]
CVE number = CVE-2022-26696
This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of XPC messages in the LaunchServices component.
A crafted message can trigger execution of a privileged operation.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.