Security flaws in Microsoft Mac apps could let attackers spy on users
Cisco Talos recently uncovered security vulnerabilities in several Microsoft apps for macOS that can potentially let attackers spy on your camera and other system components.
Security flaws found in Microsoft apps for Mac
Cisco Talos says it has found eight vulnerabilities in Microsoft apps for macOS, including Word, Outlook, Excel, OneNote, and Teams. These vulnerabilities allow attackers to inject malicious code into the apps, exploiting permissions and entitlements granted by the user.
For instance, attackers could access the microphone or camera, record audio or video, and steal sensitive information without the user's knowledge. The library injection technique inserts malicious code into a legitimate process, allowing the attacker to operate as the compromised app.
Potential impact
The impact of the vulnerabilities varies based on the application and its permissions. For instance, Microsoft Teams, widely used for professional communication, can be exploited to record conversations or access sensitive data.
Similarly, Microsoft Outlook can be exploited to send unauthorized emails, potentially leading to data breaches.
Cisco Talos says that the applications use the com.apple.security.cs.disable-library-validation entitlement. This entitlement disables library validation, the security feature that prevents unsigned or untrusted libraries from being loaded, which makes the applications vulnerable to library injection attacks.
Microsoft has acknowledged the vulnerabilities found by Cisco Talos but considers them low risk. Some apps, like Microsoft Teams, OneNote, and the Teams helper apps, have been modified to remove this entitlement, reducing their exposure.
By opening a more privileged app and injecting a malicious library, the bad actor gains the capabilities of the exploited app.
However, other apps, such as Microsoft Word, Excel, Outlook, and PowerPoint, still use this entitlement, making them susceptible to attacks. Microsoft has reportedly "declined to fix the issues," because the company's apps "need to allow loading of unsigned libraries to support plugins."
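A defender can check for the combination described above by reading an app's entitlements plist (the XML that macOS's `codesign` tool can dump) and flagging apps that disable library validation while also holding camera or microphone entitlements. The sketch below is an added example, not code from Cisco Talos, Microsoft or AppleInsider; the app names and sample plists are constructed, and the list of sensitive entitlements is a small illustrative subset.

```python
import plistlib

# Entitlement named in the report: switches off library validation.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
# Entitlements that let the process use sensitive devices (subset, for illustration).
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}

def audit_entitlements(plist_bytes):
    """Return (library_validation_disabled, sorted sensitive capabilities)."""
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or unknown plist format
        raise ValueError("not a valid entitlements plist") from exc
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must be a dictionary")
    # Only an explicit boolean true grants an entitlement.
    lv_disabled = ents.get(DISABLE_LV) is True
    caps = sorted(name for key, name in SENSITIVE.items() if ents.get(key) is True)
    return lv_disabled, caps

def risk(plist_bytes):
    """Rate one app: injected code inherits whatever the app may access."""
    lv_disabled, caps = audit_entitlements(plist_bytes)
    if lv_disabled and caps:
        return "HIGH: library validation off, app can use " + ", ".join(caps)
    if lv_disabled:
        return "MEDIUM: library validation off"
    return "OK: library validation enforced"

# Constructed sample entitlements (hypothetical apps, not real Microsoft data).
SAMPLES = {
    "ExampleChat.app": plistlib.dumps({
        DISABLE_LV: True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
    }),
    "ExampleNotes.app": plistlib.dumps({"com.apple.security.device.camera": True}),
    "ExampleEditor.app": plistlib.dumps({DISABLE_LV: True}),
}

if __name__ == "__main__":
    for app, blob in SAMPLES.items():
        print(f"{app}: {risk(blob)}")
```

The entitlements only show what an app may request; whether the user has actually granted camera or microphone access is recorded separately by TCC.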
Understanding the macOS security model
Apple's macOS is built with a layered security model to protect users from unauthorized access and data breaches. Central to the model is the Transparency, Consent, and Control (TCC) framework, which governs how applications can access sensitive data and resources such as the microphone, camera, and location services.
Additionally, macOS employs Discretionary Access Control (DAC) policies, which provide essential protection by restricting access to specific resources based on user permissions.
However, even with these security measures, vulnerabilities can still arise, mainly when apps are granted excessive permissions or security policies are circumvented. In the case of the Microsoft apps analyzed by Cisco Talos, exploiting these vulnerabilities could lead to unauthorized access to sensitive user data, such as the ability to record audio or video without the user's consent.
For users, the best defense is to remain vigilant and ensure that their apps are regularly updated to the latest versions, which often include critical security patches. These findings remind developers of the importance of adhering to best security practices and avoiding unnecessary risks that could compromise user data.
Separately, in 2021, Cisco Talos reported on collaboration apps, including Slack and Discord, being used to deliver and control malware.
Comments
Disclaimer: I used to work for a large DOE contractor and helped Apple with government configuration requirements. This was back in the '90s and early 2000s. It took Apple several years to bake in everything that's needed. Microsoft will never be close to Apple because it has to stay open enough to satisfy all the third-party hacks. Unfortunately, the efforts by the EU are breaking this baked-in security because government organizations want to be able to hack into every single computerized device in the world.
In my opinion, both Windows and Mac are excellent operating systems. From what I've observed among my customers, Windows is just as reliable as Apple when operated on quality hardware. Many of them use Lenovo and HP business PCs without any issues. Some even have PCs that are 10 years old and the only upgrade they've required was an SSD drive.