Apple’s text editor TextEdit, which has been around for years contains a gap that malware can use to break out of the macOS sandbox. The vulnerability has been around for quite some time, but Apple doesn’t see it as a problem and probably won’t fix it.
The sandbox is supposed to ensure that applications are limited in their ability to access system data so that certain security problems do not arise. Apple has long made it compulsory to use them for app store applications. The sandbox usually ensures that a file written by an app receives a quarantine flag. This means that a sandbox app cannot simply create a malicious shell script that could then be executed outside of the sandbox.When you save it, the quarantine flag is also removed, which allows the script to be executed outside the sandbox. This should appear very harmless to the user because nobody thinks TextEdit is dangerous. Many users should allow an app to control TextEdit because they do not see it as a threat.
TextEdit Is Used Innocently By Many Users
Apple sees no problem with TextEdit and consequently no need for action. The gap is at least included in macOS, but experts were also able to trace it in the previous version macOS Mojave. The problem is that TextEdit is used innocently by many users who will certainly not expect security problems in connection with the simple text program.
Various apps, including popular tools such as the text editor BBEdit, have a special entitlement with which the apps could break out of their own sandbox. Users would not have to explicitly approve this. The entitlement cannot be deselected by the user.
