Thursday, November 21, 2024

Microsoft Apps for Mac are Vulnerable to Code Injection Attacks

Research published by Cisco Talos has identified eight vulnerabilities in various Microsoft applications designed for Apple macOS. These flaws could potentially allow threat actors to inject malicious libraries into the apps and gain control of permissions and entitlements on the user’s device.

The vulnerabilities stem from how macOS handles app permissions, particularly through mechanisms such as Transparency, Consent and Control (TCC) and sandboxing. While these measures are meant to enhance security, they can still be circumvented if a malicious actor manages to inject malicious code into a running application.

Talos researcher Francesco Benvenuto highlighted that responsible handling of permissions by applications is crucial in maintaining the overall security of the system. In the case of the Microsoft apps, the use of library validation entitlement for plug-ins raised concerns about unnecessary risks being exposed to users.

The identified vulnerabilities have been assigned CVE designations by the Talos team. Microsoft has reportedly considered these issues to be low risk and has chosen not to patch some of them due to the need to support Office add-ins. Teams and OneNote have addressed the problems by removing the problematic entitlement, but other apps remain vulnerable.

Overall, the research underscores the importance of diligent security practices in app development to prevent exploitation by malicious actors.