Vulnerability in Microsoft apps allowed hackers to spy on Mac users

A vulnerability found in Microsoft apps for macOS allowed hackers to spy on Mac users. Security researchers from Cisco Talos explained in a blog post how attackers could exploit the vulnerability and what Microsoft has been doing to fix it.

Hackers can use Microsoft apps to access Mac users’ cameras and microphones

Cisco Talos, a cybersecurity group specializing in malware and system prevention, shared details on how a vulnerability in apps like Microsoft Outlook and Teams could lead attackers to access a Mac’s microphone and camera without the user’s consent. The attack is based on injecting malicious libraries into Microsoft apps to gain their entitlements and user-granted permissions.

Apple’s macOS has a framework known as Transparency, Consent, and Control (TCC), which manages app permissions to access things like location services, the camera, the microphone, the photo library, and other files.

Each app needs an entitlement to request permissions from TCC. Apps without these entitlements won’t even ask for permissions, and consequently won’t have access to the camera and other parts of the computer. However, the exploit allowed malicious software to use the permissions granted to Microsoft apps.

“We identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system’s permission model by using existing app permissions without prompting the user for any additional verification,” the researchers explain.

For example, a hacker could create malicious software to record audio from the microphone or even take photos without any user interaction. “All apps, except for Excel, have the ability to record audio, some can even access the camera,” the group adds.

Microsoft is working on a fix – but it doesn’t seem to be a priority

According to Cisco Talos, Microsoft considers this exploit to be “low risk” since it relies on loading unsigned libraries to support third-party plugins.

After the exploits were reported, Microsoft updated the Microsoft Teams and OneNote apps for macOS with changes to how these apps handle the library validation entitlement. However, Excel, PowerPoint, Word, and Outlook are still vulnerable to the exploit.

The researchers question why Microsoft needed to disable library validation, especially when additional libraries are not expected to be loaded. “By using this entitlement, Microsoft is circumventing the safeguards offered by the hardened runtime, potentially exposing its users to unnecessary risks.”
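For administrators who want to check which installed apps combine these properties, here is an added example (not code from Cisco Talos, Microsoft, or this article) that reads an app's entitlements and reports whether library validation is disabled alongside camera or microphone entitlements. The app names and sample entitlement sets are constructed for illustration; the entitlement keys are Apple's documented hardened runtime keys.

```python
import plistlib

# Apple's documented hardened-runtime entitlement keys.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def audit_entitlements(plist_bytes):
    """Audit one app's entitlements plist.

    plist_bytes is the entitlements blob in plist form, for example the
    output of `codesign -d --entitlements - --xml <path to .app>` on macOS.
    This shows what the app may request from TCC, not what the user has
    actually granted.
    """
    ents = plistlib.loads(plist_bytes)
    lv_disabled = ents.get(DISABLE_LV) is True
    devices = sorted(n for k, n in SENSITIVE.items() if ents.get(k) is True)
    return {
        "library_validation_disabled": lv_disabled,
        # Devices are only exposed to injected libraries when validation is off.
        "exposed": devices if lv_disabled else [],
    }


# Constructed sample entitlement sets for three hypothetical apps.
SAMPLES = {
    "ExampleMail.app": plistlib.dumps({
        DISABLE_LV: True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
    }),
    "ExampleSheets.app": plistlib.dumps({DISABLE_LV: True}),
    "ExampleNotes.app": plistlib.dumps({
        "com.apple.security.device.audio-input": True,
    }),
}


def audit_all(samples):
    """Run the audit over a mapping of app name -> entitlements plist bytes."""
    return {app: audit_entitlements(blob) for app, blob in samples.items()}


if __name__ == "__main__":
    for app, result in audit_all(SAMPLES).items():
        print(app, result)
```
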

At the same time, the researchers note that Apple could also make changes to TCC to make the system more secure. The group suggests that the system should prompt users when third-party plugins are loaded into apps that have already been granted permissions.

More details about the exploit can be found on the Cisco Talos blog.

Author

Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.