A security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability that might be used to escape a sandbox and run code in Terminal.
The security flaw, identified and reported as CVE-2022-26696 (CVSS 7.8), has had a patch available since the release of macOS Monterey 12.4 in May. According to Apple’s advisory, the weakness allowed a sandboxed process to circumvent sandbox restrictions, and the problem was fixed with improved environment sanitization.