Skip to main content

Home Sandbox escape

Sandbox escape

Sandbox escape definition

Sandbox escape refers to the act of exploiting a software vulnerability to break out of a secure or quarantined environment, often called a sandbox. An attacker could use a sandbox escape to execute malicious code on the host system, access sensitive data, or cause other types of harm.

See also: sandboxing, malicious code

Sandbox escape examples

Not only creating new viruses can be costly and time-consuming, it doesn’t guarantee that the virus will not get caught. But since known viruses often end up in a sandbox (if the system uses one), hackers have come up with a way to still do harm to a system.

The purpose of a sandbox is to restrict what the code can do and prevent it from causing harm to the wider system. If a hacker's code ends up in a sandbox, it's effectively trapped. However, by exploiting their knowledge of the system architecture, hackers can find ways their code can escape the sandbox despite being heavily restricted in its actions.

Sandbox escape prevention

Preventing sandbox escapes involves good software development practices, such as writing secure code, conducting thorough testing, and promptly patching any discovered vulnerabilities. Also, techniques such as using minimal privileges for sandboxed applications and employing multiple layers of defense can help enhance the overall security of the system and prevent code from escaping the sandbox.