Hackers exploit Microsoft macOS apps, achieving unrestricted system access

September 3, 2024

TLDR:

  • Eight vulnerabilities discovered in Microsoft macOS apps could allow hackers to gain elevated privileges or access sensitive data.
  • Adversaries could exploit weaknesses in the TCC framework to gain permissions granted to affected Microsoft applications.

Eight vulnerabilities have been identified in Microsoft applications for macOS that could potentially be exploited by hackers to gain unrestricted access to sensitive data. These flaws allow adversaries to bypass the operating system’s permissions-based model, particularly the Transparency, Consent, and Control (TCC) framework, which manages access to user data on macOS.

The weaknesses impact applications such as Outlook, Teams, Word, Excel, PowerPoint, and OneNote, allowing malicious libraries to be injected into these apps to gain entitlements and permissions granted by the user. This could lead to unauthorized access to sensitive information based on the access levels granted to each app.

While macOS employs security measures like sandboxing and hardened runtime to mitigate code injection threats, attackers could still use techniques like library injection (Dylib Hijacking) to exploit vulnerabilities in the applications. Once inside the app’s process space, the attacker can operate with the app’s granted permissions, potentially compromising sensitive information without the user’s consent.
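For defenders, the exposure described above can be checked per application by reading the entitlements embedded in its code signature (obtainable with `codesign`). The following is an added example, not code from the article or from Microsoft: it flags hardened runtime exceptions that permit foreign libraries and lists the sensitive entitlements a loaded library would share. The entitlement keys are Apple's documented names, not values from this page, and both sample plists are constructed.

```python
import plistlib

# Hardened runtime exceptions that allow libraries not signed by the
# app's own team (or injected via DYLD_* variables) into the process.
INJECTION_RISK = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Entitlements for protected resources that loaded code would inherit.
SENSITIVE = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
    "com.apple.security.personal-information.addressbook",
    "com.apple.security.personal-information.calendars",
}

def audit_entitlements(plist_bytes):
    """Return (risky, inherited): enabled injection-related exceptions and
    the sensitive entitlements any library loaded into the app would share."""
    entitlements = plistlib.loads(plist_bytes)
    # Only keys explicitly set to <true/> count; <false/> leaves the protection on.
    enabled = {k for k, v in entitlements.items() if v is True}
    risky = sorted(enabled & INJECTION_RISK)
    inherited = sorted(enabled & SENSITIVE) if risky else []
    return risky, inherited

# Constructed sample: library validation disabled, camera and microphone requested.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

# Constructed sample: same app with library validation left enforced.
HARDENED = SAMPLE.replace(
    b"disable-library-validation</key><true/>",
    b"disable-library-validation</key><false/>",
)

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("hardened", HARDENED)):
        risky, inherited = audit_entitlements(blob)
        print(name, "risky:", risky, "inherited:", inherited)
```
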

Microsoft has acknowledged the issues, deeming them low risk, but has released fixes for certain apps like OneNote and Teams. The company also highlighted the challenge of securely handling plugins within macOS and proposed options like notarization of third-party plugins to enhance security.

Overall, the vulnerabilities underscore the importance of proactive security measures and ongoing monitoring to safeguard against potential exploitation by threat actors aiming to gain unauthorized access to sensitive data through Microsoft applications on macOS.
