Unveiling the Risks: Hackers Can Exploit Microsoft macOS App Vulnerabilities to Bypass Permissions

Cybersecurity experts at Cisco Talos recently uncovered a concerning security issue within several Microsoft 365 applications available on macOS. Their discovery revealed eight vulnerabilities that hold the potential for malicious hackers to exploit, effectively bypassing the macOS permission model and leveraging existing app permissions without requiring any further validation from the user. This security loophole exposes users to significant risks, allowing unauthorized actions such as sending emails, recording audio clips, capturing images, and taking videos without the user's consent or knowledge.

Vulnerabilities Identified:

1. Microsoft Outlook: Talos-2024-1972 / CVE-2024-42220
2. Microsoft Teams (work or school): Talos-2024-1973 / CVE-2024-42004
3. Microsoft PowerPoint: Talos-2024-1974 / CVE-2024-39804
4. Microsoft OneNote: Talos-2024-1975 / CVE-2024-41159
5. Microsoft Excel: Talos-2024-1976 / CVE-2024-43106
6. Microsoft Word: Talos-2024-1977 / CVE-2024-41165
7. Microsoft Teams (work or school) WebView.app helper app: Talos-2024-1990 / CVE-2024-41145
8. Microsoft Teams (work or school) com.microsoft.teams2.modulehost.app: Talos-2024-1991 / CVE-2024-41138

The vulnerabilities exploited a code injection technique, enabling rogue code to be injected into legitimate processes to gain access to protected resources. While Apple macOS has security features like Hardened Runtime to guard against such code injection, the enabling of the com.apple.security.cs.disable-library-validation entitlement by Microsoft for its macOS applications paved the way for these vulnerabilities to surface.

To fortify cybersecurity measures, sandboxing has been identified as a crucial component for applications distributed through the Mac App Store. Sandboxing acts as a defense mechanism, restricting an app's access to resources and data to only those explicitly requested through entitlements. One key aspect is the user consent pop-up, prompting specific resource access such as camera permissions only if the necessary entitlement is present.

Despite these vulnerabilities being brought to Microsoft's attention by the Talos team, the tech giant has classified the risks as low. Microsoft has prioritized maintaining support for plugins in several applications over addressing security concerns. While some apps were swiftly patched, others such as Microsoft Excel, Outlook, PowerPoint, and Word remain exposed to potential exploitation.

Addressing these loopholes will necessitate a delicate balance between functionality and security as Microsoft, Apple, and other stakeholders collaborate to enhance safeguards against cyber threats. Users are advised to remain vigilant, keep software updated, and exercise caution to mitigate the risks associated with such vulnerabilities.

Stay informed, stay protected, and together we can fortify our defenses against cyber threats in an ever-evolving digital landscape.