Eight vulnerabilities have been discovered in Microsoft applications for macOS, including Outlook, Teams, Word, Excel, PowerPoint, and OneNote. These vulnerabilities could allow hackers to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model.
The vulnerabilities revolve around the Transparency, Consent, and Control (TCC) framework, which manages access to sensitive user data on macOS. Malicious libraries could be injected into these applications, gaining their entitlements and user-granted permissions, which could then be weaponized for extracting sensitive information.
Microsoft considers the identified issues as “low risk” and has stepped in to remediate the problem in its OneNote and Teams apps. However, the company’s decision to load unsigned libraries to support plugins has raised concerns. Experts emphasize the need for securely handling third-party plugins within macOS’ current framework.
The vulnerabilities highlight the importance of robust security measures to prevent code injection and protect sensitive information. Users are advised to exercise caution and keep their applications up-to-date to minimize potential risks. Read the full article here.
