CyberSecurity SEE

Microsoft Apps Vulnerability Allows Unauthorized Access on Mac

A critical vulnerability has been identified in several popular Microsoft applications on Apple MacBook devices. It could enable hackers to take over the permissions users have granted to the apps and access sensitive data such as camera feeds and microphone recordings without authorization. The vulnerability, which affects a range of Microsoft apps for macOS including Outlook, Teams, Word, Excel, PowerPoint, and OneNote, was brought to light by security researchers from Cisco Talos.

As outlined in the report by Cisco Talos, the vulnerability stems from the way Microsoft apps manage libraries within the macOS environment. Apple’s macOS incorporates a framework known as Transparency, Consent, and Control (TCC), which regulates app permissions for the camera, microphone, location services, photo library, and file access. Each app requires an entitlement to request permissions from TCC; apps lacking these entitlements will not prompt for permissions and cannot access features such as the camera.

The exploit allowed malicious software to leverage the permissions granted to Microsoft apps, circumventing the operating system's usual permission model without requiring additional user verification. Attackers could insert harmful libraries into Microsoft apps on a Mac and then use the apps' existing permissions, such as camera and microphone access, to spy on users and manipulate other user permissions, potentially exerting control over the entire system.

The ramifications of this vulnerability are concerning: hackers could conduct unauthorized surveillance on users, steal sensitive data residing on the Mac, escalate their privileges within the system, and disrupt normal system functionality. While Microsoft has released updates for Microsoft Teams and OneNote to address the exploit, Excel, PowerPoint, Word, and Outlook remain vulnerable, as Microsoft considers the risk “low” and points to the apps' reliance on loading unsigned libraries for third-party plugins.

In light of these developments, Mac users are advised to keep their Microsoft apps up to date, as software updates often include security patches for newly discovered vulnerabilities. Users should also review the permissions granted to Microsoft apps and disable any that are unnecessary to minimize the risk posed by the vulnerability. The report has also drawn attention to the risks posed by third-party plugins on Apple products, emphasizing the need for secure handling of such plugins within the macOS framework.
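To support the permission review advised above, the following added example (not code from Cisco Talos, Microsoft, or this article) flags apps whose code-signing entitlements combine TCC-protected resources with permission to load unsigned libraries. The entitlement keys are Apple's hardened-runtime keys; the app names and entitlement data are constructed, and on a Mac the XML would come from `codesign -d --entitlements - --xml <app path>`.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Hardened-runtime entitlement that lets a process load libraries not signed
# by Apple or by the app's own developer team.
DISABLE_LIBRARY_VALIDATION = "com.apple.security.cs.disable-library-validation"

# Entitlements an app needs before it can request these TCC-protected resources.
TCC_ENTITLEMENTS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.location": "location",
    "com.apple.security.personal-information.photos-library": "photo library",
}

def audit_entitlements(plist_bytes):
    """Return (loads_unsigned_libraries, sorted TCC resources) for one app."""
    try:
        ents = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ExpatError):
        return False, []  # unsigned binary or empty codesign output
    if not isinstance(ents, dict):
        return False, []
    unsigned_ok = ents.get(DISABLE_LIBRARY_VALIDATION) is True
    resources = sorted(label for key, label in TCC_ENTITLEMENTS.items()
                       if ents.get(key) is True)
    return unsigned_ok, resources

def exposed_apps(entitlements_by_app):
    """Apps where a loaded library would run with TCC-capable entitlements."""
    flagged = []
    for app, blob in entitlements_by_app.items():
        unsigned_ok, resources = audit_entitlements(blob)
        if unsigned_ok and resources:
            flagged.append(app)
    return sorted(flagged)

# Constructed sample data (hypothetical apps), serialized as XML plists.
SAMPLES = {
    "ExampleOfficeApp": plistlib.dumps({
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
        DISABLE_LIBRARY_VALIDATION: True}),
    "ExampleChatApp": plistlib.dumps({
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True}),
    "ExampleEditor": plistlib.dumps({DISABLE_LIBRARY_VALIDATION: True}),
}

if __name__ == "__main__":
    print("Review TCC grants for:", exposed_apps(SAMPLES))
```

Apps reported by `exposed_apps` are the ones whose camera, microphone, location, or photo permissions are worth revoking in System Settings if they are not needed.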

Moving forward, it remains crucial for both Microsoft and Apple to explore more secure approaches for managing third-party plugins within the macOS ecosystem, potentially incorporating features like notarization or user prompts. By adopting proactive security practices and staying informed about newly reported vulnerabilities, Mac users can better safeguard their devices and data from cyber threats.
