Bugs in Microsoft apps for macOS could give privileges to attackers

Eight vulnerabilities in six leading Microsoft applications for macOS — including Outlook, Teams, PowerPoint, OneNote, Excel and Word — can let attackers bypass the operating system’s existing app permissions without prompting a user for any additional verification.

Cisco Talos researchers said in an Aug. 19 blog post that if successful, an attacker could gain privileges already granted to the affected Microsoft applications, so a bad actor could send emails from a user account without the user noticing, record audio clips, take pictures, or record videos without any user interaction.

According to the Cisco Talos researchers, Microsoft considers these issues low risk and has declined to fix them, claiming the apps need to allow loading of unsigned libraries to support plug-ins.

Eric Schwake, director of cybersecurity strategy at Salt Security, said security teams must remain vigilant as there are vulnerabilities in Microsoft's macOS apps that could lead to potential breaches. Schwake said these vulnerabilities allow for malicious code injection, potentially enabling attackers to hijack user-granted permissions and access sensitive resources such as cameras, microphones, and screen recordings without user consent.

“Despite Microsoft downplaying the risk, the potential for unauthorized surveillance and data exfiltration is significant,” said Schwake. “Taking immediate action is crucial, so security teams should prioritize updating vulnerable apps, enforce strict access controls, and consider additional security measures such as restricting app permissions to mitigate these risks.”

Jason Soroko, vice president of product at Sectigo, added that this situation underscores the need for security teams to critically assess the entitlements and permissions granted to Microsoft applications, even if users themselves don’t.

“Immediate actions should include reviewing and tightening app permissions, implementing monitoring for unusual activity, and encouraging users to update their software as soon as patches are released,” said Soroko. “Moreover, collaboration between software vendors and Apple to ensure security features are properly implemented without compromising functionality is essential.”
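One way to carry out the entitlement review recommended above, as an added example that is not code from SC Media, Cisco Talos or Microsoft: it flags an app whose code-signing entitlements both permit unsigned library loading and grant access to the camera or microphone. The entitlement keys are real Apple keys, but the article does not list which ones each app holds, so the sample plist is constructed, and the `codesign --xml` flag assumes macOS 12 or later.

```python
import plistlib
import subprocess

# Entitlements that let code not signed by the vendor load into the process.
INJECTION_KEYS = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Entitlements that let the app request sensitive devices.
SENSITIVE_KEYS = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
}

def assess(entitlements_xml: bytes) -> dict:
    """Classify one app's entitlements plist (XML or binary)."""
    # codesign prints nothing for an app with no entitlements.
    ents = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    enabled = {key for key, value in ents.items() if value is True}
    injectable = sorted(enabled & INJECTION_KEYS)
    sensitive = sorted(enabled & SENSITIVE_KEYS)
    # Worth a review when an injected library would inherit device access.
    return {"injectable": injectable, "sensitive": sensitive,
            "review": bool(injectable and sensitive)}

def entitlements_of(app_path: str) -> bytes:
    """Read an installed app's entitlements with codesign (macOS only)."""
    result = subprocess.run(
        ["codesign", "-d", "--entitlements", "-", "--xml", app_path],
        capture_output=True, check=True)
    return result.stdout

# Constructed sample: a plug-in friendly app with camera and microphone access.
SAMPLE_PLUGIN_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.device.camera</key><true/>
<key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

# Constructed sample: same device access, library validation left enabled.
SAMPLE_HARDENED_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.device.camera</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, xml in (("plugin", SAMPLE_PLUGIN_APP), ("hardened", SAMPLE_HARDENED_APP)):
        print(name, assess(xml))
```

On a Mac, `assess(entitlements_of("/Applications/<App>.app"))` runs the same check against an installed app, with the path supplied by the reviewer.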
