- Microsoft declined to address reported flaws
- Hackers can spy via Microsoft macOS apps
- Eight vulnerabilities discovered by Cisco Talos
Security experts have warned millions of Apple Mac users to safeguard themselves after discovering that hackers can use programs to spy on individuals.
This week, cybersecurity firm Cisco Talos uncovered eight vulnerabilities in a number of Microsoft products, including Teams, Outlook, Word, and PowerPoint, that might offer thieves access to your machine.
The company cautioned Apple customers that hackers are introducing harmful code into programs, allowing them to take over user-granted capabilities to access the microphone and camera.
Although Apple’s macOS systems have security safeguards in place to protect users from bad actors, dangerous code can still be injected using malware, which is software designed to obtain unauthorized access to a device.
The vulnerability was discovered in Microsoft macOS programs that use Transparency, Consent, and Control (TCC) to handle user permissions to access location services, images, files, and screen recordings.
Cisco Talos discovered that the TCC framework provides a conduit for hackers to gain app permissions and take over the device.
If hackers obtained access to Microsoft’s programs, they might send emails from users’ accounts without their knowledge, as well as grab photos and record audio samples and videos.
They may also leak sensitive information or escalate rights, giving them access to additional personal data and system privileges.
‘We discovered eight vulnerabilities in various Microsoft applications for macOS, allowing an attacker to circumvent the operating system’s permission scheme by exploiting existing app rights without prompting the user for extra verification,’ Cisco Talos revealed.
For those wondering how hackers may gain access to the camera or microphone through apps that do not typically require them, the company noted that ‘all apps, except Excel, have the capacity to record audio, and some can even access the camera.’
Bad actors are reportedly using macOS permission settings to discreetly record video or audio without the user’s awareness.
Permissions determine what data apps can access on a user’s mobile device, which they can accept or refuse and update according to their preferences.
When an app downloads, it usually sends a notification to the user seeking permission to access, change, or delete files, photographs, and videos, monitor the user’s location, and shoot pictures and videos.
The default security policy in macOS provides minimal protection against malware that is installed without the user’s explicit permission.
The vulnerabilities are all related to possible library injection, which macOS attempts to protect users against by utilizing Hardened Runtime, a mechanism designed to prevent hackers from uploading malicious code onto the machine.
However, Cisco Talos alleged that Microsoft disabled some Hardened Runtime capabilities to allow third-party organizations to add social media sharing buttons, contact forms, and other analytics tools.
Despite Microsoft’s purported assertions that allowing third-party access to user authorization is essential, Cisco Talos reported that it isn’t because ‘as far as we know, the only “plug-ins” available to Microsoft’s macOS apps are web-based and known as “Office add-ins.”’
‘If this understanding is correct, it raises doubts about the necessity of deactivating library validation, especially when no more libraries are expected to be loaded,’ Cisco Talos continues.
‘By utilizing this permission, Microsoft circumvents the safeguards provided by the hardened runtime, potentially exposing its users to unwarranted risks.’
The business stated that Microsoft considered the vulnerabilities to be ‘low risk’ and has purportedly ‘declined to address the flaws.’
After Cisco Talos revealed the problems, Microsoft upgraded its Teams and OneNote apps on macOS, but not the validation requirements for Excel, PowerPoint, Word, and Outlook.
The business stated that by leaving these doors open to adversaries, Microsoft allows hackers to ‘exploit all of the apps’ entitlements and, without any user prompts, reuse all the permissions already provided to the app, effectively serving as a permission broker for the attacker.’
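The combination described above, a Hardened Runtime exception that turns off library validation in an app that already holds microphone or camera access, can be checked for in an app's entitlements. The following is an added example, not code from Cisco Talos or Microsoft: it audits an entitlements plist (the format `codesign -d --entitlements - --xml` prints on macOS) and flags that pairing. The two sample plists are constructed for hypothetical apps, and the function and field names are this example's own.

```python
import plistlib

# Hardened Runtime exceptions that allow libraries not signed by the app's
# own team (or injected through DYLD_* variables) to load into the process.
INJECTION_EXCEPTIONS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)
# Entitlements for resources that TCC gates behind a user prompt.
PRIVACY_ENTITLEMENTS = {
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.camera": "camera",
    "com.apple.security.personal-information.location": "location",
    "com.apple.security.personal-information.photos-library": "photos",
}

def audit_entitlements(plist_bytes):
    """Report whether an entitlements plist pairs a weakened runtime with TCC access."""
    ents = plistlib.loads(plist_bytes)
    # Only an explicit <true/> counts; an absent or <false/> key keeps the protection.
    weakened = [k for k in INJECTION_EXCEPTIONS if ents.get(k) is True]
    resources = sorted(v for k, v in PRIVACY_ENTITLEMENTS.items() if ents.get(k) is True)
    return {"weakened": weakened, "resources": resources,
            "broker_risk": bool(weakened and resources)}

def _plist(entries):
    # Build a constructed entitlements plist from (key, bool) pairs.
    body = "".join(f"<key>{k}</key><{'true' if v else 'false'}/>" for k, v in entries)
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<plist version="1.0"><dict>{body}</dict></plist>').encode()

# Constructed samples for two hypothetical apps, not real Microsoft entitlements.
SAMPLE_WEAKENED = _plist([
    ("com.apple.security.cs.disable-library-validation", True),
    ("com.apple.security.device.audio-input", True),
    ("com.apple.security.device.camera", True),
])
SAMPLE_INTACT = _plist([
    ("com.apple.security.cs.disable-library-validation", False),
    ("com.apple.security.device.audio-input", True),
])

if __name__ == "__main__":
    for name, sample in (("weakened", SAMPLE_WEAKENED), ("intact", SAMPLE_INTACT)):
        print(name, audit_entitlements(sample))
```

An app that reports `broker_risk` as true is one where an injected library would inherit the permissions the user already granted, with no new prompt.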