Multiple Microsoft applications for macOS are affected by several security holes that allow attackers to access sensitive data and gain elevated privileges. The vulnerabilities evade Apple’s Transparency, Consent and Control (TCC) framework, which governs what user data an app is permitted to access.
Cisco Talos said “the vulnerabilities affect Microsoft applications used by millions of organizations, including Outlook, Teams, Word, Excel, PowerPoint, and OneNote. Anyone abusing these apps could, for example, send emails or record audio and video without the user’s knowledge. All permissions given to an app by a naïve download are as available to them.”
The most common method of attack is to inject malicious libraries into these applications. Once injected, a library runs with the same permissions as the app itself: if the user has granted a Microsoft application access to confidential data, the attacker gains that access too. Ordinarily Apple’s TCC framework would prevent this; these vulnerabilities, however, bypass it.
The flaw relates to application sandboxing and a trick called dylib hijacking. Sandboxing is a way of limiting apps from accessing each other or the system. Dylib hijacking enables an attacker to inject code into the process of a third-party app. Although macOS has measures such as the Hardened Runtime to prevent unauthorized code from running, the vulnerabilities found in these apps allow attackers to bypass those defences and gain privileged access.
Exploiting these vulnerabilities requires an attacker to already have access to the user’s machine. Once in, even with only limited permissions, they can tamper with the libraries of apps the user trusts and obtain the data those apps have been granted. An attacker could leverage this to load malicious code into any of these apps, effectively bypassing Apple’s security model.
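Whether a given app is exposed to this kind of injection can be read from its code signature: an app built with the Hardened Runtime enforces library validation unless it carries an entitlement that opts out. The script below is an added example written for this article, not code from Cisco Talos or Microsoft. It parses the text printed by Apple’s codesign tool (the sample outputs embedded in it are constructed) and flags a bundle that lacks the runtime flag or carries an opt-out entitlement. The entitlement keys are real Apple Hardened Runtime keys; the `--xml` form of the entitlements dump is assumed to be available (newer macOS releases), and the `audit_bundle` helper is the only part that needs a Mac.

```python
"""Audit macOS app bundles for the code-signing properties that make dylib
injection possible (added example; parses `codesign` output)."""
import plistlib
import re
import shutil
import subprocess
from dataclasses import dataclass, field

# Hardened Runtime entitlements that re-open the door to foreign code.
# The keys are real Apple entitlements; the explanations are editorial.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "library validation disabled: dylibs signed by anyone can be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables honoured by the loader",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "unsigned executable memory allowed",
}

# CS_RUNTIME bit in the CodeDirectory flags; codesign prints it as (runtime).
CS_RUNTIME = 0x10000
FLAGS_RE = re.compile(r"flags=0x([0-9a-fA-F]+)\(([^)]*)\)")


@dataclass
class AuditResult:
    hardened_runtime: bool
    findings: list = field(default_factory=list)

    @property
    def injectable(self) -> bool:
        # Anything that weakens library validation counts as injectable.
        return not self.hardened_runtime or bool(self.findings)


def parse_signature_flags(codesign_text: str) -> tuple:
    """Extract the CodeDirectory flags from `codesign -dvvv` output.
    Returns (numeric flags, set of flag names)."""
    m = FLAGS_RE.search(codesign_text)
    if not m:
        return 0, set()
    names = {n.strip() for n in m.group(2).split(",") if n.strip()}
    return int(m.group(1), 16), names


def parse_entitlements(xml_text: str) -> dict:
    """Parse the XML plist printed by `codesign -d --entitlements - --xml`."""
    xml_text = xml_text.strip()
    return plistlib.loads(xml_text.encode()) if xml_text else {}


def audit(codesign_text: str, entitlements_xml: str) -> AuditResult:
    """Combine both codesign dumps into a verdict for one bundle."""
    flags, names = parse_signature_flags(codesign_text)
    hardened = "runtime" in names or bool(flags & CS_RUNTIME)
    result = AuditResult(hardened_runtime=hardened)
    if not hardened:
        result.findings.append("Hardened Runtime not enabled: library validation is off")
    ents = parse_entitlements(entitlements_xml)
    for key, why in RISKY_ENTITLEMENTS.items():
        if ents.get(key) is True:
            result.findings.append(f"{key}: {why}")
    return result


def audit_bundle(path: str) -> AuditResult:
    """Run codesign against a real bundle (macOS only)."""
    if shutil.which("codesign") is None:
        raise RuntimeError("codesign not found: run this on macOS")
    sig = subprocess.run(["codesign", "-dvvv", path], capture_output=True, text=True)
    ents = subprocess.run(["codesign", "-d", "--entitlements", "-", "--xml", path],
                          capture_output=True, text=True)
    # codesign writes the CodeDirectory details to stderr, entitlements to stdout
    return audit(sig.stderr + sig.stdout, ents.stdout)


# Constructed sample: Hardened Runtime on, no opt-out entitlements.
HARDENED_SIG = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Corp (TEAMID0000)
"""
HARDENED_ENTS = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
</dict></plist>
"""
# Constructed sample: Hardened Runtime on but library validation opted out,
# the shape of weakness the article describes.
OPTOUT_ENTS = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>
"""
# Constructed sample: no Hardened Runtime at all.
LEGACY_SIG = HARDENED_SIG.replace("flags=0x10000(runtime)", "flags=0x0(none)")

if __name__ == "__main__":
    for label, sig, ents in [("hardened", HARDENED_SIG, HARDENED_ENTS),
                             ("opt-out", HARDENED_SIG, OPTOUT_ENTS),
                             ("legacy", LEGACY_SIG, HARDENED_ENTS)]:
        r = audit(sig, ents)
        print(f"{label}: injectable={r.injectable} findings={r.findings}")
```

On a Mac, `audit_bundle("/Applications/SomeApp.app")` runs the same checks against a real bundle; a result with `injectable` true is the signal to look more closely at which entitlement or missing flag is responsible and whether a vendor update removes it.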
Microsoft, however, considers these vulnerabilities low risk, and it has already fixed the problems in the OneNote and Teams apps. Unfortunately, securing the remaining apps against third-party plug-ins is a newer and harder challenge. Notarizing plug-ins (having third-party plug-ins verified and signed) could mitigate the issue, but that is more complicated still, as it requires effort from both Microsoft and Apple.
The vulnerabilities in Microsoft applications for macOS pose significant risks to users, particularly regarding the security of app permissions and user data. Following Cisco Talos’ warnings, Microsoft has taken steps to address these issues in certain apps. Still, guarding against malicious libraries, improving sandboxing, and controlling library injection remain vital to maintaining a safe permissions model on macOS.
Vulnerabilities in Microsoft applications for macOS allow attackers to gain elevated privileges and access sensitive data by bypassing the TCC framework.
Apps like Outlook, Teams, Word, Excel, PowerPoint, and OneNote are affected by these vulnerabilities.
While macOS defends itself from attacks using sandboxing, the TCC framework and features like the Hardened Runtime, these vulnerabilities allow attackers to bypass them.
While Microsoft has patched OneNote and Teams, third-party add-ins remain a problem.