New Vulnerabilities in Microsoft Apps Compromise User Privacy on macOS

Published: Aug 20, 2024

Security hero image

SHARE ARTICLE

Key Takeaways:

  • Researchers have found new vulnerabilities in major Microsoft apps for macOS, including Teams, Outlook, and Word.
  • These security flaws allow hackers to access users’ microphones and cameras, record data, and escalate privileges without consent.
  • Microsoft has addressed the issue in some apps like Teams and OneNote, but others, including Word and Excel, remain vulnerable.

Cybersecurity researchers have disclosed eight critical vulnerabilities in Microsoft apps for macOS. This new security flaws expose users to potential attacks where hackers could steal sensitive data, secretly record video and audio, and gain elevated control over the Mac device.

A new report from cybersecurity group Cisco Talos reveals that new vulnerabilities affecting eight major Microsoft apps for macOS, including Microsoft Teams, Outlook, PowerPoint, Word, OneNote, and Excel, could allow hackers to access users’ microphones and cameras without permission. These exploits enable attackers to inject malicious code into the apps’ running processes in order to compromise user privacy and security.

Apple’s security model relies on the Transparency, Consent, and Control (TCC) framework, which manages and enforces privacy settings for user data and services on Mac devices. The TCC framework also regulates app permissions and controls access to system features like location services, microphones, cameras, photo libraries, and other files.

Each application requests permissions from the TCC framework through entitlements. Researchers discovered that the exploits allow malicious software to misuse the permissions granted to Microsoft apps. For example, hackers could exploit these vulnerabilities to perform malicious activities like recording audio and video or sending emails from the user’s account.

New Vulnerability in Microsoft Apps Compromises User Privacy on macOS
An example of a permission prompt (Image Credits: Cisco Talos)

Four Microsoft Apps on macOS at risk of library injection attacks

Cisco Talos reports that some popular Microsoft apps disable security features like library validation, potentially allowing third-party plug-ins to be loaded. “Permissions regulate whether an app can access resources such as the microphone, camera, folders, screen recording, user input, and more. So, if an adversary were to gain access to these, they could potentially leak sensitive information or, in the worst case, escalate privileges,” the researchers explained.

Microsoft considers this issue as a low-severity threat because it depends on loading unsigned libraries to support third-party plugins. The company has since updated its Teams and OneNote apps to remove the entitlement that allowed library injection. However, Word, Outlook, PowerPoint, and Excel still remain vulnerable to exploitation.

Cybersecurity researchers suggested that Apple could enhance the security of macOS devices by making adjustments to the TCC framework. It’s highly recommended that organizations regularly review app permissions and monitor for any unusual activity within their networks.

SHARE ARTICLE