A weakness in Microsoft in most apps for macOS enabled hackers to spy on Mac users. Cisco Talos security researchers explained in a blog how hackers could use the weakness and what Microsoft has been doing to fix the weakness.
A cybersecurity group specializing in malware and system prevention, Cisco Talos, shared how a weakness in apps like Microsoft Outlook and Teams could lead attackers to access a Mac’s microphone and camera without the user’s agreement. The attack involves inserting malicious libraries into Microsoft applications to exploit their entitlements and permissions granted by users.
Apple’s macOS includes a framework called Transparency, Consent, and Control (TCC) that regulates app permissions for accessing features such as location services, the camera, the microphone, library photos, and other files.
Every app requires an entitlement to request permissions from TCC. Without these entitlements, apps won’t be able to ask for permissions and, as a result, won’t have access to the camera or any other parts of the computer. However, the hack enabled evil software to get to the permissions granted to Microsoft apps.
“We identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system’s permission model by using existing app permissions without prompting the user for any additional verification,” the researchers say.
According to Cisco Talos, Microsoft considers this exploit to be “low risk” since it relies on loading unsigned libraries to support third-party plugins.
Following the reports of the exploits, Microsoft updated the Microsoft Teams and OneNote apps for macOS to improve their handling of the library validation entitlement. However, the exploit is vulnerable to Excel, PowerPoint, Word, and Outlook.
The researchers question why Microsoft felt it was necessary to disable library validation, particularly when no additional libraries were anticipated to be loaded.“By using this entitlement, Microsoft is circumventing the safeguards offered by the hardened runtime, potentially exposing its users to unnecessary risks.”
Meanwhile, the researchers observe that Apple could enhance the security of the TCC system by implementing changes. They suggest that the system prompts users when loading third-party plugins into apps that have already been granted permissions.
Stay updated here at Tech Exposed, and if you want, Buy us a coffee!
