Researchers from Cisco Talos have discovered a bug in Microsoft apps for macOS that will allow hackers to do things like take screenshots or screen recordings without the user knowing.

Microsoft already fixed the problem for the OneNote and Teams apps back in June. However, Excel, PowerPoint, Word, and Outlook remain vulnerable.

Microsoft told Cisco Talos that they haven’t patched these apps because the vulnerabilities are “low risk”. They added that they need the potentially troublesome permissions “to support plugins.”

The company is referring to Apple’s Transparency, Consent, and Control (TCC) framework, which manages how apps can access sensitive user data and system resources. The framework requires apps to get “explicit user consent” before they access data and files like contacts, location, calendar, and photos.

App developers add these permissions to their applications through “entitlements”; they can choose from the options given by Apple.

“The effectiveness of TCC depends on applications responsibly handling the permissions they receive,” said Cisco Talos. “If a trusted application is compromised, it might be manipulated to abuse its permissions, allowing attackers to perform actions without user knowledge. For instance, if a video chat app with camera and microphone access is exploited, it could be forced to record without alerting the user,” they added.

Microsoft apps have an entitlement that indicates “all the Office apps permit the loading of unsigned dynamic libraries. This poses a security concern because a malware could exploit the apps’ permissions without proper authorization.”

Cisco Talos cited examples of exploits:

  • All apps, except for Outlook, can send an Apple event to Microsoft Outlook to dispatch an email without any user prompt. Essentially, the attacker is capable of sending emails without user interaction.
  • All apps, except for Excel, can record audio; some can even access the camera.

While Microsoft considers the bug low-risk for these apps, Cisco Talos says that “the vulnerable apps leave the door open for adversaries to exploit all of the apps’ entitlements and, without any user prompts, reuse all the permissions already granted to the app, effectively serving as a permission broker for the attacker.”
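To check for the entitlement combination described above on a Mac fleet, the following audit helper is an added example and is not code from Cisco Talos, Microsoft, or PCMag. The entitlement keys are Apple's documented names, which the article does not spell out; the app names and plists are constructed samples.

```python
import plistlib

# Hardened-runtime entitlement that turns off library validation, i.e. the
# "permit the loading of unsigned dynamic libraries" setting described above.
DISABLE_LIB_VALIDATION = "com.apple.security.cs.disable-library-validation"

# Entitlements tied to the capabilities named in the article (assumed mapping).
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.automation.apple-events": "Apple events",
}


def audit_entitlements(plist_bytes):
    """Return (risky, capabilities) for one app's entitlements plist.

    risky is True when library validation is disabled AND the app holds at
    least one sensitive entitlement that a loaded library could reuse.
    """
    ent = plistlib.loads(plist_bytes)
    # Only a boolean true counts; a key that is present but false grants nothing.
    unsigned_ok = ent.get(DISABLE_LIB_VALIDATION) is True
    caps = sorted(label for key, label in SENSITIVE.items() if ent.get(key) is True)
    return (unsigned_ok and bool(caps), caps)


def _plist(keys):
    """Build a constructed entitlements plist for the demo (not real app data)."""
    return plistlib.dumps({k: True for k in keys})


# Constructed samples: hypothetical apps, not dumps of any Microsoft binary.
SAMPLES = {
    "ExampleChat.app": _plist([DISABLE_LIB_VALIDATION,
                               "com.apple.security.device.camera",
                               "com.apple.security.device.audio-input"]),
    "ExampleNotes.app": _plist(["com.apple.security.device.audio-input"]),
    "ExampleTool.app": _plist([DISABLE_LIB_VALIDATION]),
}

if __name__ == "__main__":
    for app, data in SAMPLES.items():
        risky, caps = audit_entitlements(data)
        print(f"{app}: risky={risky} capabilities={caps}")
```

On a real system the plist for each app can be obtained with `codesign -d --entitlements - --xml <path to app>` and passed to `audit_entitlements`.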

Via: PCMag
