Vulnerability in Microsoft apps for macOS: what to know Vulnerability in Microsoft apps for macOS: what to know

Cisco Talos, the core piece of the Cisco Security portfolio, reported finding significant vulnerabilities in Microsoft applications for macOS that enable hackers to access the user's camera and microphone, as well as sensitive files associated with the programs comprising the Office Suite, totally unnoticed. The report was published on August 19, 2024. Here’s the most important information about the discovery, implications thereof, and some ideas about how to safeguard yourself in such situations.

Microsoft apps for macOS: nature of the vulnerabilities and subsequent implications

There are eight flaws revealed in Teams, OneNote, Outlook, Word, PowerPoint, and Excel. They allow attackers to inject malicious code into these applications and, consequently, gain unauthorized access to hardware (microphone, camera) and user data without any action on the part of that user. The exploit relies on com.apple.security.cs.disable-library-validation, and enables loading of unsigned libraries into the applications, circumventing macOS's hardened runtime protections that were designed specifically against such injections.

The implications of exploitation of the vulnerabilities follow from the resources affected: wrongdoers can record audio or video, access sensitive data stored in the applications, and send unauthorized emails through Outlook. Essentially, compromised apps become conduits for unauthorized access.

The response from Microsoft

Microsoft has acknowledged the vulnerabilities as low risk, since exploiting them requires uploading unsigned libraries. The company did, however, release patches for Teams and OneNote, but Excel, Word, Outlook, and PowerPoint for Mac remain vulnerable, and Microsoft confirmed the respective fixes for these programs are not a priority. Moreover, they need to continue supporting third-party plugins, and the straightforward approach to remedying the flaws discovered by Cisco Talon means severing the code enabling that support.

How to safeguard your Mac from exploitation of such vulnerabilities?

Limit permissions: many applications tend to request more permissions than they actually need to work properly. Check them in System Settings – Privacy & Security, and disable everything that looks suspicious.

Stay vigilant about app behavior: if a program requests access to some sensitive data and or/ asks for permissions that, in your opinion, it has no reason to ask for, refuse and immediately scan your system for viruses (you can find the best antivirus software for Mac here). 

Update regularly: make sure all your applications, especially those as popular as Microsoft Office apps for Mac, are up to date. The simple way to do this is by installing Mac Informer, a lightweight, free, and no-strings-attached updater that can do the job without pestering you with permission prompts. Get your copy here:

Download Mac Informer, free software updater

Author's other posts

Five very viable Apple AirPods alternatives
Article
Five very viable Apple AirPods alternatives
Exploring AirPods alternatives: Beats Fit Pro, Bose QuietComfort, Sony WF-1000XM5, Anker Soundcore, and Nothing Ear. Discover quality sound and features for every budget!
What is Google’s Learn About AI educational companion?
Article
What is Google’s Learn About AI educational companion?
Learn new things with Learn About, Google's AI-driven educational companion, offering dialogue-driven learning, visualization, and personalized responses.
No old dogs: Microsoft adds AI features to Paint and Notepad
Article
No old dogs: Microsoft adds AI features to Paint and Notepad
Windows classics Paint and Notepad evolve into AI-powered tools. Try generative fill and erase in Paint or rephrase sentences with AI in Notepad by joining the Canary Channel now!
macOS 15.1 out: what’s inside? And what’s promised for 15.2?
Article
macOS 15.1 out: what’s inside? And what’s promised for 15.2?
macOS 15.1 gives you Apple Intelligence features and more.