How a major vulnerability in Microsoft’s apps allowed hackers to break into Macs

A critical vulnerability in Microsoft’s apps for macOS was discovered recently. This vulnerability allowed hackers to spy on Mac users by exploiting flaws in popular applications like Microsoft Outlook and Teams.

Security researchers from Cisco Talos, a cybersecurity division known for its focus on malware and system vulnerabilities, recently detailed how attackers could use this security gap to access sensitive components like a Mac’s microphone and camera without the user’s knowledge or consent.

The flaw in Microsoft’s Mac Apps
The vulnerability stems from how Microsoft apps interact with macOS’s Transparency, Consent, and Control (TCC) framework, which is designed to manage app permissions.

TCC ensures that apps must request specific entitlements to access features such as the camera, microphone, or location services. Usually, apps without these entitlements cannot even ask for permission, which blocks unauthorized access.

However, the exploit discovered by Cisco Talos shows that malicious actors can inject harmful software into Microsoft apps and then hijack the permissions already granted to those apps.

This means that once an attacker successfully injects their code into an app like Microsoft Teams or Outlook, they could gain access to a Mac computer’s camera and microphone, enabling them to record audio or take photos without prompting the user.

The researchers identified eight distinct vulnerabilities within various Microsoft applications for macOS. These vulnerabilities allow hackers to bypass macOS’s permission model by leveraging the entitlements already granted to these apps. With this exploit, attackers can effectively spy on users without any direct interaction from the user, putting their privacy at significant risk.

Microsoft’s Response
Despite the severity of the findings, Microsoft has downplayed the risks associated with this exploit, categorizing it as “low risk.” According to Microsoft, the attack depends on using unsigned libraries to support third-party plugins, which they view as an uncommon and unlikely scenario.

Nevertheless, in response to the reported vulnerabilities, Microsoft has rolled out updates to some of its apps, including Teams and OneNote, to address how these applications handle library validation.

However, other widely used apps like Excel, PowerPoint, Word, and Outlook remain vulnerable, with no immediate fix. This partial response has raised concerns among security experts, who question Microsoft’s decision to turn off specific security measures like library validation, which was initially intended to protect users from such attacks. The researchers argue that by bypassing these safeguards, Microsoft exposes its users to unnecessary security risks.
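For administrators who want to find apps in this position on their own fleet, here is an added audit sketch (not code from Cisco Talos or Microsoft). It parses the XML entitlements plist that `codesign -d --entitlements :- <app>` prints and flags apps that both disable library validation and declare camera or microphone entitlements. The entitlement key names are Apple's documented ones and do not appear in the article; the app names and plists are constructed samples.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Entitlement keys documented by Apple (assumption: not named in the article).
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
DEVICES = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}

def assess(entitlements_xml: bytes) -> dict:
    """Classify one app from its XML entitlements plist."""
    if not entitlements_xml.strip():
        ents = {}  # app signed without any entitlements
    else:
        try:
            ents = plistlib.loads(entitlements_xml)
        except (plistlib.InvalidFileException, ExpatError, ValueError):
            return {"status": "unparseable", "devices": []}
    if not isinstance(ents, dict):
        return {"status": "unparseable", "devices": []}
    lv_off = ents.get(DISABLE_LV) is True
    devices = sorted(n for k, n in DEVICES.items() if ents.get(k) is True)
    if lv_off and devices:
        status = "review"       # third-party libraries load into an app that can hold camera/mic grants
    elif lv_off:
        status = "lv-disabled"  # library validation off, no sensitive device entitlement
    else:
        status = "ok"
    return {"status": status, "devices": devices}

def audit(apps: dict) -> list:
    """Return the names of apps whose entitlement combination needs review."""
    return sorted(n for n, xml in apps.items() if assess(xml)["status"] == "review")

# Constructed samples: hypothetical apps, not real entitlement dumps.
SAMPLES = {
    "ChatApp": plistlib.dumps({DISABLE_LV: True,
                               "com.apple.security.device.camera": True,
                               "com.apple.security.device.audio-input": True}),
    "NotesApp": plistlib.dumps({DISABLE_LV: False, "com.apple.security.device.audio-input": True}),
    "PluginHost": plistlib.dumps({DISABLE_LV: True}),
    "Broken": b"<plist><dict><key>oops",
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, assess(xml))
```

A "review" result only means the entitlement combination is present; whether the user has actually granted camera or microphone access is recorded separately by TCC.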

The Need for Enhanced Security Measures
The Cisco Talos researchers also pointed out that Apple could take additional steps to strengthen macOS’s TCC framework. One suggested improvement is for the system to prompt users whenever third-party plugins are loaded into apps that have already been granted sensitive permissions.

This would add an extra layer of security, ensuring that users are aware of any unusual or unauthorized activity.

The combination of Microsoft’s handling of app entitlements and Apple’s current TCC framework leaves room for vulnerabilities that determined attackers could exploit. Both companies may need to take more proactive measures to protect users from these emerging threats, especially as the reliance on digital communication tools grows.

In the meantime, Mac users are advised to remain vigilant, particularly if they use Microsoft apps on their devices, and to keep their software up to date to minimize the risk of exploitation.
