CVE-2021-30864

Name of the Vulnerable Software and Affected Versions macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.6

Description A logic issue was addressed with improved state management. This issue allows a sandboxed process to potentially circumvent sandbox restrictions. The vulnerability was discovered while studying methods of launching and detecting malicious macros in Office documents on macOS. Researchers found that using Launch Services to run a command with a specific prefix allows escaping the app sandbox in macOS.

Recommendations For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later to fix the issue. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later to fix the issue. As a temporary workaround, consider restricting the use of Launch Services and the open command with the --stdin option to minimize the risk of exploitation. Avoid using malicious macros in Office documents until the issue is resolved.