A critical vulnerability in Microsoft apps for macOS allowed hackers to surreptitiously spy on Mac users’ activities. Security researchers from Cisco Talos revealed how attackers could exploit this flaw to bypass macOS security measures and gain unauthorized access to sensitive data and resources.
Vulnerability in Microsoft Apps
Cisco Talos, a cybersecurity research team, uncovered a critical vulnerability in popular Microsoft applications for macOS. The flaw allowed malicious actors to surreptitiously access users’ microphones and cameras without explicit permission.
By exploiting a weakness in macOS’s security framework, Transparency, Consent, and Control (TCC), attackers could inject malicious code into applications like Outlook and Teams to bypass privacy safeguards. This enabled them to gain unauthorized access to sensitive data and potentially compromise user privacy.
macOS employs a security mechanism known as Transparency, Consent, and Control (TCC) to safeguard user privacy by requiring explicit permission before an application can access sensitive data such as camera and microphone input. Applications must possess specific entitlements to request these permissions from TCC. Without these entitlements, apps are unable to request or gain access to protected resources.
However, researchers at Cisco Talos discovered a critical vulnerability that allowed malicious software to circumvent this security measure. By exploiting weaknesses in Microsoft applications for macOS, attackers could leverage the existing permissions granted to these legitimate apps to access sensitive data without the user’s knowledge or consent. In essence, the exploit enabled malicious actors to bypass TCC and gain unauthorized control over the user’s device.
For instance, hackers could create malicious software to record audio or take photos without user interaction. Except for Excel, all of the affected apps can record audio, and some can access the camera, Talos notes.
Researchers question Microsoft’s decision to disable library validation, which might expose users to risks by bypassing hardened runtime safeguards. They also suggest that Apple should enhance TCC by prompting users when loading third-party plugins into apps with existing permissions.
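The following Python audit is an added example, not code from Cisco Talos, Microsoft or Apple: it parses an app's entitlements and reports which TCC-protected resources (microphone, camera) the app holds while library validation is disabled, which is the combination the researchers question. The entitlement keys are Apple's documented hardened-runtime keys; the sample plists and the script name in the usage comment are constructed for illustration.

```python
import plistlib
import subprocess
import sys

# Apple's documented hardened-runtime entitlement keys.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
TCC_RESOURCES = {
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.camera": "camera",
}

def assess_entitlements(plist_bytes):
    """Return the protected resources an app holds while library validation is off.

    An empty list means the app either keeps library validation enabled or
    holds neither the microphone nor the camera entitlement.
    """
    data = plist_bytes.strip()
    ent = plistlib.loads(data) if data else {}  # apps without entitlements dump nothing
    if ent.get(DISABLE_LV) is not True:
        return []
    return sorted(name for key, name in TCC_RESOURCES.items() if ent.get(key) is True)

def read_entitlements(app_path):
    """Dump an app's entitlements as an XML plist using codesign (macOS only)."""
    done = subprocess.run(["codesign", "-d", "--entitlements", ":-", app_path],
                          capture_output=True, check=True)
    return done.stdout

# Constructed sample inputs, not taken from any real application.
SAMPLE_RISKY = plistlib.dumps({
    DISABLE_LV: True,
    "com.apple.security.device.audio-input": True,
    "com.apple.security.device.camera": True,
})
SAMPLE_VALIDATING = plistlib.dumps({"com.apple.security.device.audio-input": True})

if __name__ == "__main__":
    # Usage on macOS: python3 audit.py /Applications/Some.app ...
    for path in sys.argv[1:]:
        exposed = assess_entitlements(read_entitlements(path))
        print(f"{path}: {', '.join(exposed) or 'no exposure found'}")
```

An app that appears in the output is not necessarily vulnerable; it is a candidate for review of why library validation was turned off.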