A recently uncovered vulnerability in Microsoft applications for macOS may have allowed unauthorised access to Mac users’ cameras and microphones, according to findings by cybersecurity researchers at Cisco Talos.
The flaw, which could be exploited through popular Microsoft apps like Outlook and Teams, underscores ongoing concerns about the security of widely used software.
Cisco Talos revealed that they had identified a vulnerability in several Microsoft apps for macOS that could have allowed attackers to gain access to a user’s camera and microphone without their knowledge.
The researchers detailed how the exploit works, explaining that it involves the injection of malicious code into these applications, effectively hijacking the permissions the user had already granted to the app.
macOS, Apple’s operating system, uses a framework known as Transparency, Consent, and Control (TCC) to manage permissions for access to sensitive resources like the camera, microphone, and location services.
Typically, an app needs specific entitlements to request such permissions, and without these entitlements, the app is unable to access these resources. However, the vulnerability identified by Cisco Talos allowed malicious software to take advantage of permissions that had already been granted to Microsoft apps.
The research uncovered eight separate vulnerabilities across various Microsoft applications, which could enable attackers to bypass macOS’s permission model. This would allow them to use existing app permissions without any further user verification.
In practical terms, this means that a hacker could potentially develop software capable of recording audio or capturing photos without the user’s consent. Cisco Talos pointed out that all Microsoft apps, except for Excel, had the ability to record audio, and some could even access the camera.
Microsoft’s Response and Continuing Risks
Following the disclosure of these vulnerabilities, Microsoft classified the issue as “low risk,” citing the fact that the exploit relies on the loading of unsigned libraries, which are typically used to support third-party plugins.
In response, Microsoft has released updates for the macOS versions of Teams and OneNote to address how these applications handle library validation entitlements. However, other widely used apps, including Excel, PowerPoint, Word, and Outlook, remain potentially vulnerable.
Cisco Talos has raised concerns about Microsoft’s decision to disable library validation in these apps, particularly where there is no apparent need for additional libraries to be loaded. The researchers suggest that this could expose users to unnecessary risk.
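For defenders who want to check their own fleet for the pattern described above (an app that holds camera or microphone entitlements while also opting out of library validation), the following is an added example written for this article; it is not code from Cisco Talos or Microsoft. It assumes that `codesign -d --entitlements :- <app>` prints the bundle's embedded entitlements as an XML plist (older versions prefix a binary blob header, which the parser skips), and that the listed `com.apple.security.cs.*` and `com.apple.security.device.*` keys are the entitlements governing library loading and camera/microphone access. The embedded sample plist is constructed for illustration, not captured from a real app.

```python
"""Audit a macOS app bundle's entitlements for the TCC-hijack precondition.

Added example, not Cisco Talos or Microsoft code. Assumes the codesign
invocation below emits an XML entitlement plist.
"""
import plistlib
import shutil
import subprocess

# Entitlements that relax hardened-runtime library checks, so code the app
# vendor did not sign may be loaded into a process that already holds TCC grants.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "unsigned or third-party-signed libraries may be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables are honoured",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "unsigned executable memory is permitted",
}

# Entitlements an app needs before it may even ask TCC for these resources.
SENSITIVE_ENTITLEMENTS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def parse_entitlements(raw: bytes) -> dict:
    """Return the entitlement dictionary from codesign output.

    Skips any blob header before the XML declaration; returns {} when no
    plist is present (e.g. an unsigned binary).
    """
    start = raw.find(b"<?xml")
    if start < 0:
        start = raw.find(b"<plist")
    if start < 0:
        return {}
    return plistlib.loads(raw[start:])


def risky_entitlements(raw: bytes) -> dict:
    """Return {entitlement: explanation} for every risky key set to true."""
    ents = parse_entitlements(raw)
    return {k: why for k, why in RISKY_ENTITLEMENTS.items() if ents.get(k) is True}


def assess(raw: bytes) -> dict:
    """Combine both lists: concern is raised only when an app can hold a
    camera/microphone grant AND lets foreign libraries into its process."""
    ents = parse_entitlements(raw)
    risky = [k for k in RISKY_ENTITLEMENTS if ents.get(k) is True]
    sensitive = [name for k, name in SENSITIVE_ENTITLEMENTS.items() if ents.get(k) is True]
    return {"risky": risky, "sensitive": sensitive, "concern": bool(risky and sensitive)}


def audit_app(app_path: str) -> dict:
    """Run codesign against a bundle on macOS and assess its entitlements."""
    if shutil.which("codesign") is None:
        raise RuntimeError("codesign not found; this check must run on macOS")
    proc = subprocess.run(
        ["codesign", "-d", "--entitlements", ":-", app_path],
        capture_output=True, check=True,
    )
    return assess(proc.stdout)


# Constructed sample (hypothetical, not captured from any real app): an app that
# may request camera and microphone access and has disabled library validation.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    result = assess(SAMPLE_ENTITLEMENTS)
    for key, why in risky_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"{key}: {why}")
    print("sensitive resources:", ", ".join(result["sensitive"]))
    print("concern:", result["concern"])
```

On a Mac, `audit_app("/Applications/SomeApp.app")` (a placeholder path) runs the same assessment against a real bundle; a `concern` of `True` means the app is in the state the article describes and is worth tracking until the vendor tightens its entitlements or the plugin need is confirmed.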
The group also recommended that Apple consider making enhancements to the TCC framework to further protect users. One of their suggestions includes introducing user prompts when third-party plugins are loaded into apps that have already been granted permissions, which could mitigate the risk of similar vulnerabilities being exploited in the future.