Critical Flaws in Microsoft macOS Apps: Eight Vulnerabilities Expose Sensitive Data
Eight vulnerabilities have been discovered in Microsoft applications for macOS, potentially allowing adversaries to gain elevated privileges or access sensitive data by bypassing the operating system’s permissions-based model. This model relies on the Transparency, Consent, and Control (TCC) framework to manage access to sensitive user data.
Affected Applications
The vulnerabilities span various Microsoft applications including:
- Outlook
- Teams
- Word
- Excel
- PowerPoint
- OneNote
Exploitation Method
Cisco Talos highlighted that malicious libraries could be injected into these applications, allowing attackers to exploit the applications’ entitlements and user-granted permissions. This could be weaponized to extract sensitive information, depending on the permissions granted to each app. Possible malicious activities include sending emails, recording audio or video, and taking pictures without user interaction.
TCC Framework
TCC is a framework developed by Apple to manage access to sensitive user data, providing transparency into how data is accessed and used by applications. It maintains an encrypted database recording user permissions to ensure consistent enforcement across the system. TCC works in conjunction with macOS’s application sandboxing feature, which restricts app access to the system and other applications, adding an extra layer of security.
Vulnerability Details
The vulnerabilities involve library injection, also known as Dylib Hijacking in macOS. This technique allows code to be inserted into a running application process. While macOS features like hardened runtime aim to reduce the likelihood of arbitrary code execution, successful library injection could enable the malicious library to use all permissions granted to the process, effectively operating on behalf of the application.
Attack Requirements
Exploiting these vulnerabilities requires the attacker to already have a certain level of access to the compromised host. This access can be abused to open a more privileged app and inject a malicious library, granting the attacker the permissions associated with the exploited app. If a trusted application is infiltrated, it could be used to abuse its permissions and gain access to sensitive information without user consent.
Microsoft’s Response
Microsoft has classified the identified issues as “low risk,” noting that the apps need to load unsigned libraries to support plug-ins. However, the company has remediated the problem in its OneNote and Teams apps. Microsoft pointed out the complexity of securely handling such plug-ins within macOS’s current framework. Options like notarization of third-party plug-ins would require Microsoft or Apple to sign third-party modules after verifying their security.
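For defenders who want to inventory which installed apps combine relaxed library loading with access to sensitive resources, the following is an added example, not code from the original article, Cisco Talos or Microsoft. It assumes Apple's documented hardened-runtime entitlement keys, which the article does not name, and the sample plist is constructed for illustration.

```python
import plistlib
import subprocess

# Apple hardened-runtime entitlements that relax library loading
# (assumption: these keys are not named in the article).
LOADER_RELAXING = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Entitlements a hardened-runtime app needs before it can ask TCC for a resource.
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
    "com.apple.security.personal-information.photos-library": "photos",
    "com.apple.security.personal-information.location": "location",
}

def audit_entitlements(plist_bytes):
    """Report loader-relaxing keys and the resources a loaded library would inherit."""
    # Apps signed without entitlements produce empty output.
    ents = plistlib.loads(plist_bytes) if plist_bytes.strip() else {}
    relaxed = sorted(k for k in LOADER_RELAXING if ents.get(k) is True)
    resources = sorted(v for k, v in SENSITIVE.items() if ents.get(k) is True)
    # Flag for review only when both conditions hold.
    return {"relaxed": relaxed, "resources": resources,
            "review": bool(relaxed and resources)}

def read_entitlements(app_path):
    """macOS only: dump an app bundle's signed entitlements as an XML plist."""
    out = subprocess.run(
        ["codesign", "-d", "--entitlements", "-", "--xml", app_path],
        capture_output=True, check=True)
    return out.stdout

# Constructed sample, not taken from any real application.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
  <key>com.apple.security.app-sandbox</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print(audit_entitlements(SAMPLE))
```

On a Mac, pass the output of `read_entitlements()` for each bundle under `/Applications` to `audit_entitlements()`; the entitlements show what an app may request, while the actual user grants live in the TCC database.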
Source: thehackernews.com