Former NSA hacker Patrick Wardle found a security breach in Microsoft Office for Mac that can lead hackers to take control of the entire Mac. Wardle was able to gain access to the computer with just a simple Office document containing malicious codes.

As reported by Vice, the breach is based on the “macro” feature, which allows users to automate some tasks in Microsoft Office apps with custom commands and instructions. These attacks are common on Windows, but Wardle now demonstrates that something similar is possible on macOS as well.

To inject the malicious code, the hacker used different breaches and bugs that he found in Microsoft Office apps. He created a file in SLK format to bypass the macOS security system. Since this particular format is used by Microsoft Office, macOS doesn’t ask users if they really want to open the file, even if they have downloaded it from an unknown source.

Security researchers love these ancient file formats because they were created at a time when no one was thinking about security.

By creating a file that starts with the “$” character, malicious codes can break the Microsoft Office sandbox to access any other part of the operating system. The hacker demonstrates the malicious code by opening the Calculator app without user authorization through Microsoft Excel, but it can be used for other things.

As Wardle points out, some users don’t read system alerts, and they might click on any option just to skip dialog boxes. That’s where hackers expect to get access to at least a few computers. “Humans are impatient, exploits don’t have to be,” he said. Wardle reached out to Apple to report the issue, but the company didn’t provide any response.

It’s just a little frustrating when, you know, again, us as security researchers are basically doing this free security research. And we do it because we believe that we can help increase the security of the ecosystem in the platform for ourselves as Mac users, but also other Mac users.

These security breaches are now fixed with the latest version of Microsoft Office for Mac and macOS Catalina 10.15.3. However, it can still affect users who don’t regularly install software updates. Microsoft told Vice that the company is in constant discussions with Apple to identify and solve problems like this one found by Wardle.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author