Recent research has revealed serious security issues in several Microsoft apps for macOS. According to a report from Cisco’s Talos cybersecurity team, these flaws could let attackers secretly access users’ cameras and microphones, steal sensitive data, and compromise system security.
What are the flaws?
The report identified eight key vulnerabilities in popular Microsoft apps like Word, Outlook, Excel, OneNote, and Teams. These problems could lead to serious consequences. For example, Microsoft Teams could be hacked to record conversations or access private data. Microsoft Outlook could be used to send unauthorized emails, leading to potential data breaches.
A major issue is the use of a feature called com.apple.security.cs.disable-library-validation. This feature turns off an important security function, allowing untrusted or unsigned libraries to be loaded. This makes the apps vulnerable to attacks that involve injecting harmful code into the software.
Microsoft’s response
Microsoft has acknowledged these vulnerabilities but considers them to be low-risk. The company has updated some apps, like Microsoft Teams and OneNote, to remove the problematic feature. However, other apps, including Word, Excel, Outlook, and PowerPoint, still use this feature and remain vulnerable to attacks.
Microsoft has decided not to fully address these issues, arguing that their apps need to load unsigned libraries to support plugins. This decision has raised concerns among security experts who believe the risks are too high.
Security features in macOS
Apple’s macOS includes several security features to protect users from unauthorized access and data breaches. One important feature is the Transparency, Consent, and Control (TCC) framework. This framework controls how apps can access sensitive data like the microphone, camera, and location services. Additionally, macOS uses Discretionary Access Control (DAC) policies, which limit access to resources based on user permissions, adding another layer of security.
Despite these protections, the recent discoveries show that there are still risks. Users should be aware of these issues and keep their software updated to protect their data and privacy.
The discovery of these security flaws in Microsoft apps for macOS highlights ongoing security challenges. While Microsoft has made some updates, vulnerabilities remain in several apps. Both Microsoft and Apple need to work together to improve security and keep users safe from potential threats.
Feature image generated by Eray Eliaçık/Bing
