A vulnerability in Microsoft software for Apple’s macOS has been identified, raising concerns about potential spying on MacBook users. Cybersecurity experts from Cisco Talos, an information security company based in Maryland, recently shared details on how hackers could exploit this vulnerability in apps like Microsoft Outlook or PowerPoint to gain unauthorized access to a MacBook’s microphone and camera. Apple’s macOS employs a security framework called Transparency, Consent, and Control (TCC) to regulate app access to personal data and system privileges. However, the effectiveness of TCC relies on the integrity of each app. If a trusted app is compromised, the permissions previously granted by the user could be exploited.
According to Cisco Talos, hackers could inject malicious libraries into Microsoft apps using this newly discovered exploit to gain user-granted permissions. Once access is gained through these apps, hackers can send emails from users’ accounts without detection and even record audio clips or take pictures without any user interaction.
Cisco Talos reported that four out of eight exploitable applications have been updated by Microsoft and are no longer vulnerable: Microsoft Teams, Microsoft Teams helper, Microsoft Teams ModuleHost, and Microsoft OneNote. However, vulnerabilities still exist in Microsoft Excel, Outlook, PowerPoint, and Word.
Microsoft considers this exploit “low risk” as its macOS apps need to bypass certain safeguards in order to load third-party plug-ins. Nevertheless, cybersecurity experts are urging Apple to make changes to TCC for a more secure permission model that prompts users before loading specific third-party plug-ins into apps that have already been granted permissions.
In response, the spokesperson for Microsoft stated that the reported exploits do not pose significant security risks as they require attackers to already have a certain level of system access. However, Microsoft has implemented several updates for added protection, and customers are advised to keep their software updated while regularly reviewing application permissions.
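For defenders reviewing application permissions, the following added example (not code from Cisco Talos, Microsoft, or Apple) flags apps whose entitlements both relax code-loading safeguards and cover the camera or microphone. It assumes the entitlements were exported as an XML plist, for example with `codesign -d --entitlements - --xml <app>`; the entitlement keys are Apple's documented names rather than values taken from this article, the function name is hypothetical, and the sample inputs are constructed.

```python
import plistlib

# Hardened-runtime exceptions that allow loading code not signed by the app's own team.
# (Apple's documented entitlement keys; not named in the article.)
INJECTION_KEYS = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Entitlements for devices whose use is gated by TCC consent.
SENSITIVE_KEYS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def audit_entitlements(xml_bytes):
    """Return which safeguards are relaxed and which devices are exposed."""
    # codesign prints nothing for an app without entitlements; treat as empty.
    ents = plistlib.loads(xml_bytes) if xml_bytes.strip() else {}
    relaxed = sorted(k for k in INJECTION_KEYS if ents.get(k) is True)
    exposed = sorted(v for k, v in SENSITIVE_KEYS.items() if ents.get(k) is True)
    # Worth a manual review only when both conditions hold at once.
    return {"relaxed": relaxed, "exposed": exposed,
            "review": bool(relaxed and exposed)}


# Constructed samples standing in for exported entitlement plists.
SAMPLE_RELAXED = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})
SAMPLE_STRICT = plistlib.dumps({
    "com.apple.security.device.camera": True,
})

if __name__ == "__main__":
    for name, blob in [("relaxed", SAMPLE_RELAXED), ("strict", SAMPLE_STRICT)]:
        print(name, audit_entitlements(blob))
```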