Summarize

Simplifying... Inshort

Microsoft's macOS apps, including Word, Excel, Outlook, and PowerPoint, have been found to have security vulnerabilities that could allow attackers to inject malicious code and access sensitive data.
While Microsoft has acknowledged these flaws and addressed some in apps like Teams and OneNote, it has declined to fix issues in others, citing the need for loading unsigned libraries to support plugins.
This leaves users potentially exposed to security breaches.

Was a long read? Making it simpler...

Next Article

Vulnerabilities allow injection of malicious code

Microsoft's macOS apps have security flaws that allow spying

By Mudit Dube

Aug 19, 2024

05:30 pm

What's the story

Cisco Talos, a renowned cybersecurity firm, has recently discovered multiple security flaws in several Microsoft applications designed for macOS. These vulnerabilities could potentially enable attackers to spy on users by gaining unauthorized access to their cameras and other system components. The affected apps include widely used programs like Word, Outlook, Excel, OneNote, and Teams.

Code injection

Vulnerabilities allow injection of malicious code

The security vulnerabilities identified in Microsoft's macOS apps could allow attackers to feed malicious code into these programs. This is possible due to the exploitation of permissions and entitlements granted by users. For example, an attacker could gain access to the microphone or camera, record audio or video content, and steal sensitive information without the user being aware.

Varied impact

Impact of vulnerabilities varies by application

The potential impact of these security flaws can vary depending on the specific Microsoft app and its granted permissions. For instance, an attacker could exploit Microsoft Teams to record professional conversations or access confidential data. Similarly, unauthorized emails could be sent via Outlook, potentially leading to data breaches.

Risk assessment

Microsoft acknowledges vulnerabilities but deems them low risk

Microsoft has acknowledged the vulnerabilities identified by Cisco Talos, but considers them to be of low risk. The company has already taken steps to address some of these issues by modifying certain apps like Teams and OneNote, as well as Teams helper apps. However, other popular programs such as Word, Excel, Outlook, and PowerPoint continue to use a feature that makes them susceptible to attacks.

Unresolved issues

Microsoft declines to fix issues in some apps

Despite the identified vulnerabilities, Microsoft has reportedly "declined to fix the issues" in certain apps, as reported by Apple Insider. The company justifies this decision by stating that these apps "need to allow loading of unsigned libraries to support plugins." This implies that users of Word, Excel, Outlook, and PowerPoint on macOS may remain vulnerable to potential security breaches.