Microsoft App Flaw Allows Hackers to Spy on Mac Users

A security flaw has been discovered in Microsoft’s macOS apps that allowed hackers to spy on… Mac Security researchers from Cisco Talos reported in a blog post how attackers could exploit this vulnerability and what Microsoft has done to fix it.

Hackers can use Microsoft apps to access Mac users’ cameras and microphones

Cisco Talos, a cybersecurity group specializing in malware and system prevention, has shared details of how a vulnerability in applications like Microsoft Outlook and Teams could have allowed attackers to access a Mac’s microphone and camera without the user’s consent. The attack relies on injecting malicious libraries into Microsoft applications to gain their rights and permissions granted to the user.

Apple’s macOS operating system has a framework known as Transparency, Consent and Control (TCC)which manages app permissions to access things like location services, camera, microphone, library photos, and other files.

Every app needs permission to request permissions from TCC. Apps that don’t have these permissions won’t request permissions, and thus won’t be able to access the camera and other parts of the computer. However, the vulnerability allowed malware to use the permissions granted to Microsoft apps.

“We identified eight vulnerabilities in different Microsoft apps for macOS, through which an attacker could bypass the operating system permissions model using existing app permissions without requiring the user to provide any additional verification,” the researchers explained.

For example, a hacker could create malware to record audio from a microphone or even take photos without any user interaction. “All applications except Excel have the ability to record audio, and some even have access to the camera,” the group adds.

Microsoft is working on a fix – but it doesn’t seem to be a priority

According to Cisco Talos, Microsoft considers this vulnerability to be “low risk” because it relies on loading unsigned libraries to support third-party plugins.

Following the vulnerability report, Microsoft updated the Microsoft Teams and OneNote apps for macOS with changes to how these apps handle library validation. However, Excel, PowerPoint, Word, and Outlook apps are still vulnerable to exploits.

The researchers question why Microsoft would have to disable library validation, especially when additional libraries were not expected to be loaded. “By exercising this right, Microsoft circumvents the safeguards provided by the enhanced runtime, exposing its users to unnecessary risks.”

Meanwhile, the researchers note that Apple may also be implementing changes to TCC to make the system more secure. The group suggests that the system should remind users when they install third-party plugins in apps that have already been granted permissions.

More details about the vulnerability can be found at Cisco Talos Blog.

Read also