Researchers at Cisco Talos have discovered vulnerabilities in widely used Microsoft apps for macOS, including Outlook, Teams, PowerPoint, OneNote, Excel, and Word. These flaws allow attackers to bypass macOS’s security features and misuse the apps’ permissions to perform malicious actions without the user’s knowledge.
The vulnerabilities arise from Microsoft’s decision to disable a security feature known as library validation in these apps. This feature is part of macOS’s Hardened Runtime, which helps prevent unauthorized code from being injected into a running application. By disabling it, Microsoft has inadvertently opened a door for attackers to inject malicious libraries into these apps, which can then operate with all the permissions granted to the legitimate application.
For instance, an attacker could use these vulnerabilities to record audio or video, send emails, or access sensitive files, all without alerting the user or requiring any interaction.
The core of Apple’s security model on macOS is its Transparency, Consent, and Control (TCC) framework, which requires explicit user permission for apps to access sensitive data and system features. By undermining TCC, these vulnerabilities could allow attackers to exploit Microsoft macOS apps to gain unauthorized access to a device’s camera, microphone, and other sensitive resources.
While Microsoft has fixed the issue in Teams and OneNote, it has not done so for Outlook, Word, Excel, or PowerPoint. According to Microsoft, the disabled library validation is necessary for these apps to support certain add-ins. However, this decision has left these apps vulnerable to potential exploitation.
The discovery of these vulnerabilities highlights the importance of maintaining robust security practices, even for widely trusted applications. Organizations using Microsoft macOS apps should review and tighten app permissions and monitor for any unusual activity. Although Microsoft has classified this issue as low severity, the potential risks should not be underestimated.
The vulnerabilities allow attackers to inject malicious libraries into widely used Microsoft apps for macOS, like Outlook and Teams, bypassing macOS’s security features.
The affected apps include Outlook, Teams, PowerPoint, OneNote, Excel, and Word.
They undermine macOS’s TCC framework by allowing unauthorized access to sensitive features like the camera and microphone without the user’s consent.
Microsoft has fixed the issue in Teams and OneNote, but not in Outlook, Word, Excel, or PowerPoint.
Organizations should review and tighten app permissions and monitor for unusual activity to protect against potential exploitation.
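To make the recommended permission review concrete, the following is an added example, not code from Cisco Talos, Microsoft, or the original article. It reads an app's entitlements property list and flags apps that have library validation disabled while also holding camera, microphone, or personal-data entitlements. The entitlement keys are real macOS identifiers that the article describes but does not quote; the app names and sample data are constructed.

```python
import plistlib

# Real macOS entitlement keys; the page describes them but does not quote them.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
}

def audit_entitlements(app_name, plist_bytes):
    """Classify one app from its entitlements plist (XML or binary)."""
    finding = {"app": app_name, "lv_disabled": False, "exposed": [], "risk": "unknown"}
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception:
        return finding  # empty or malformed dump: cannot judge, check by hand
    if not isinstance(ents, dict):
        return finding
    finding["lv_disabled"] = ents.get(DISABLE_LV) is True
    finding["exposed"] = sorted(
        label for key, label in SENSITIVE.items() if ents.get(key) is True
    )
    if finding["lv_disabled"] and finding["exposed"]:
        finding["risk"] = "high"    # a loaded third-party library inherits these
    elif finding["lv_disabled"]:
        finding["risk"] = "review"  # validation off, no sensitive entitlement listed
    else:
        finding["risk"] = "ok"
    return finding

# Constructed sample data with hypothetical app names. On a Mac the bytes would
# come from: codesign -d --entitlements - --xml /Applications/<App>.app
SAMPLES = {
    "ExampleMail.app": plistlib.dumps({DISABLE_LV: True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True}),
    "ExampleChat.app": plistlib.dumps({"com.apple.security.device.camera": True}),
    "ExampleNotes.app": plistlib.dumps({DISABLE_LV: True}),
    "ExampleBroken.app": b"",
}

def audit_all(samples):
    """Audit every app and list the riskiest findings first."""
    order = {"high": 0, "review": 1, "unknown": 2, "ok": 3}
    results = [audit_entitlements(name, data) for name, data in samples.items()]
    return sorted(results, key=lambda f: (order[f["risk"]], f["app"]))

if __name__ == "__main__":
    for f in audit_all(SAMPLES):
        print(f"{f['risk']:8} {f['app']:18} lv_disabled={f['lv_disabled']} {f['exposed']}")
```

Entitlements show only what an app declares; which permissions a user has actually granted is recorded separately by TCC, so a "review" result still warrants checking the app's granted permissions in System Settings.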