Experts warn of potential security vulnerabilities in Microsoft apps for macOS, enabling hackers to spy on users

A vulnerability in Microsoft software for Apple’s macOS has been identified, raising concerns about potential spying on MacBook users. Cybersecurity experts from Cisco Talos, an information security company based in Maryland, recently shared details on how hackers could exploit this vulnerability in apps like Microsoft Outlook or PowerPoint to gain unauthorized access to a MacBook’s microphone and camera. Apple’s macOS employs a security framework called Transparency, Consent, and Control (TCC) to regulate app access to personal data and system privileges. However, the effectiveness of TCC relies on the integrity of each app. If a trusted app is compromised, the permissions previously granted by the user could be exploited.

According to Cisco Talos, hackers could inject malicious libraries into Microsoft apps using this newly discovered exploit to gain user-granted permissions. Once access is gained through these apps, hackers can send emails from users’ accounts without detection and even record audio clips or take pictures without any user interaction.

Cisco Talos reported that four out of eight exploitable applications have been updated by Microsoft and are no longer vulnerable: Microsoft Teams, Microsoft Teams helper, Microsoft Teams ModuleHost, and Microsoft OneNote. However, vulnerabilities still exist in Microsoft Excel, Outlook, PowerPoint, and Word.

Microsoft considers this exploit “low risk” as its macOS apps need to bypass certain safeguards in order to load third-party plug-ins. Nevertheless, cybersecurity experts are urging Apple to change TCC to a more secure permission model that prompts users before specific third-party plug-ins are loaded into apps that have already been granted permissions.

In response, the spokesperson for Microsoft stated that the reported exploits do not pose significant security risks, as they require attackers to already have a certain level of system access. However, Microsoft has implemented several updates for added protection, and customers are advised to keep their software updated while regularly reviewing application permissions.
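For the permission review recommended above, the following is an added example, not code from Cisco Talos, Microsoft, or Apple. It flags apps whose code-signing entitlements both allow third-party libraries to load and grant camera or microphone access. It assumes the "safeguards" the article mentions correspond to the macOS `disable-library-validation` entitlement, and that each app's entitlements have been exported as a property list (for example with the `codesign` tool); the sample plists are constructed.

```python
import plistlib

# Real macOS entitlement keys. Treating these as the safeguard and the
# permissions the article refers to is an assumption of this example.
DISABLE_LIB_VALIDATION = "com.apple.security.cs.disable-library-validation"
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def assess(entitlements_plist: bytes) -> dict:
    """Classify one app from its exported entitlements plist."""
    ents = plistlib.loads(entitlements_plist)
    # Only an explicit boolean true relaxes library validation.
    relaxed = ents.get(DISABLE_LIB_VALIDATION) is True
    held = sorted(name for key, name in SENSITIVE.items()
                  if ents.get(key) is True)
    return {
        "third_party_libraries": relaxed,
        # Permissions an injected library would inherit from the app.
        "exposed": held if relaxed else [],
        "review": relaxed and bool(held),
    }


def sample(*keys: str) -> bytes:
    """Build a constructed entitlements plist with the given keys set true."""
    return plistlib.dumps({key: True for key in keys})


# Constructed inputs: same permissions, with and without relaxed validation.
HARDENED = sample(*SENSITIVE)
RELAXED = sample(DISABLE_LIB_VALIDATION, *SENSITIVE)
RELAXED_NO_DEVICES = sample(DISABLE_LIB_VALIDATION)

if __name__ == "__main__":
    for label, blob in [("hardened", HARDENED), ("relaxed", RELAXED),
                        ("relaxed, no devices", RELAXED_NO_DEVICES)]:
        print(label, assess(blob))
```

An app reported with `review` set to true is one where the user's existing TCC grants should be re-examined and the app kept up to date.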
