Cybersecurity experts at Cisco Talos have identified eight vulnerabilities in Microsoft‘s macOS applications that enable hackers to access users’ cameras and microphones without proper permissions.
The security breach primarily affects popular applications like Microsoft Office, Outlook, Teams, OneNote, PowerPoint, and Excel, exploiting gaps in Apple’s permission framework on macOS.
Malicious entities can exploit macOS vulnerabilities by performing library injections. In this method, they embed harmful code into trusted applications, thereby circumventing the need for direct user permission under Apple’s Transparency, Consent, and Control (TCC) framework.
The flaw enables hackers to hijack the permissions granted to legitimate applications, granting them unauthorized access to sensitive components like microphones and cameras. Although Microsoft Excel does not have microphone access, other applications, such as Teams, can access cameras.
To date, Microsoft has addressed the vulnerabilities in two of these applications, Teams and OneNote, with updates that mitigate the risk of such attacks. However, other applications, including Outlook and the broader Office suite, remain susceptible to these security threats.
Cisco Talos has criticized Microsoft’s decision to disable library validation. They argue that this move exposes consumers to risks by bypassing essential security measures established by Apple to safeguard its operating system. These measures ensure that applications adhere to strict runtime protocols that prevent unauthorized access.
Apple could implement system prompts to alert users anytime a third-party plugin is loaded into an application for enhanced security. This would inform users that these plugins might access the same permissions as the application itself, increasing transparency and potentially thwarting unauthorized access attempts by alerting users to suspicious activity.
