CyberSecurity SEE

Microsoft Applications for macOS Vulnerable to Library Attacks

A recent discovery by researchers from Cisco Talos has shed light on a vulnerability in widely used Microsoft apps for macOS that could potentially allow attackers to bypass macOS’s security controls and gain access to sensitive user data and system features. These library injection attacks exploit the applications’ entitlements to carry out malicious activities, such as sending emails or recording audio and video, without the user’s knowledge or consent.

The researchers uncovered this vulnerability while investigating Apple’s Transparency, Consent, and Control (TCC) framework, which is designed to manage and enforce privacy settings on macOS systems. The framework controls an application’s access to sensitive user data and system features like the camera, microphone, contacts, calendars, and location services. However, the disabling of a library validation feature in the Microsoft apps for macOS has created a loophole that attackers can exploit to sidestep the security measures put in place by TCC.

Eight major Microsoft apps for macOS, including Outlook, Teams, PowerPoint, OneNote, Excel, and Word, were found to be vulnerable to these library injection attacks by Cisco Talos researchers. By injecting a malicious library into the app’s running processes, attackers can essentially operate on behalf of the application itself and access all the permissions granted to the process. This could potentially lead to the leakage of sensitive information or even the escalation of privileges.

Cisco Talos has issued eight separate Common Vulnerabilities and Exposures (CVEs) for the disabled library validation issue across the affected Microsoft apps for macOS. While Microsoft has updated some of the apps, like Teams and OneNote, to address the problem, others, including Excel, Outlook, PowerPoint, and Word, remain vulnerable to exploitation.

Security experts have expressed concern over Microsoft’s classification of the issue as low-severity and their decision not to issue a fix for all affected apps. By downplaying the threat, Microsoft may be underestimating the potential harm that could be caused by attackers exploiting these vulnerabilities to gain unauthorized access to device features like the camera and microphone. The ease of exploiting these vulnerabilities varies, but attackers with sufficient knowledge could potentially exploit the flaws in environments with relaxed security practices.

To mitigate the risk posed by these vulnerabilities, organizations are advised to review and tighten app permissions and implement monitoring for unusual activity. By taking these proactive measures, businesses can better protect their sensitive data and system resources from potential exploitation by malicious actors.
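One way to start the permission review described above is to flag any app whose code signature both disables library validation and requests access to the resources TCC protects. The following is an added example, not code from Cisco Talos or Microsoft; the sample entitlement sets are constructed for illustration, and the function names are hypothetical.

```python
import plistlib

# Entitlement that switches off library validation for a hardened-runtime app.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"

# Entitlements for the TCC-protected resources the article names.
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
    "com.apple.security.personal-information.location": "location",
}

def audit_entitlements(xml_bytes):
    """Parse an entitlements plist; return (validation_disabled, resources)."""
    if not xml_bytes.strip():          # apps with no entitlements yield no plist
        return False, []
    ents = plistlib.loads(xml_bytes)
    lv_off = ents.get(DISABLE_LV) is True
    resources = sorted(n for k, n in SENSITIVE.items() if ents.get(k) is True)
    return lv_off, resources

def risk(xml_bytes):
    """Summarise the finding for one app as a short verdict string."""
    lv_off, resources = audit_entitlements(xml_bytes)
    if lv_off and resources:
        return "review: injected library could inherit " + ", ".join(resources)
    if lv_off:
        return "note: library validation disabled, no sensitive entitlements"
    return "ok"

# Constructed samples. On a Mac the real plist for an app comes from:
#   codesign -d --entitlements - --xml /path/to/App.app
SAMPLE_RISKY = plistlib.dumps({
    DISABLE_LV: True,
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})
SAMPLE_HARDENED = plistlib.dumps({"com.apple.security.device.camera": True})

if __name__ == "__main__":
    for name, blob in [("risky", SAMPLE_RISKY), ("hardened", SAMPLE_HARDENED)]:
        print(name, "->", risk(blob))
```

An entitlement only declares that the app may ask for a resource; the exposure is real where the user has also granted that permission in the macOS privacy settings, so apps flagged here are the ones whose grants deserve review first.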
