July 19, 2022 –
The MacOS sandbox can be overridden with a special Python file. A fix is available.
There is a security hole in Office for Mac that can be eliminated by updating to one of the newer operating system versions. If the bug is exploited, attackers can potentially read and steal user data, according to a Microsoft Deep Dive blog post (via “Heise”). This is possible by making it possible to break out of the MacOS sandbox with a specially crafted Phython file. The bug labeled CVE-2022-26706 is enabled with the “~$” prefix, which was left in Office for Mac for backwards compatibility.
The fix for the error is ready – all you have to do is import the latest OS version. For Monterey this is version 12.4, for Bigsur at least version 11.6.6. (win)