
Microsoft 365 MacOS Apps Vulnerable to Security Bypassing Exploits

Cisco Talos has found critical flaws in Microsoft 365 for Mac, allowing attackers to bypass security, record audio/video, and send emails.


Cisco Talos has identified serious vulnerabilities in Microsoft 365 applications on macOS. The flaws can be exploited to bypass the apps' permission model, letting an attacker perform actions such as sending emails, recording audio, and capturing video without the user's consent. The affected products are Outlook, Microsoft Teams, PowerPoint, OneNote, Excel, and Word.

Technical Analysis and Implications

The vulnerabilities stem from code injection, in which malicious code is loaded into a legitimate, already-trusted process so that it inherits that process's access to protected resources. macOS's Hardened Runtime is designed to block exactly this: with library validation enforced, a process may only load libraries signed by Apple or signed with the same Team ID as the application itself. Microsoft's macOS applications opt out of that check by enabling the com.apple.security.cs.disable-library-validation entitlement, which permits the loading of unsigned or differently signed libraries and so opens the door to injection.

Microsoft acknowledges the vulnerabilities but classifies them as low risk. The company has addressed the issues in the Teams (work or school) app, Teams Web, and OneNote, none of which support plugins. Excel, Outlook, PowerPoint, and Word remain vulnerable.

Microsoft prioritizes plugin functionality, which complicates potential mitigations such as requiring third-party plugins to be notarized. Microsoft stresses that sandboxing, which limits an app's access to data and resources, is required for apps distributed through the Mac App Store. A sandboxed app can only reach resources it has explicitly requested through entitlements, and access to the sensitive ones is additionally gated by user consent.

Vulnerability Details and Exploitability

The vulnerabilities were found through a detailed analysis of macOS applications and of how macOS's permission-based security model, in particular the Transparency, Consent, and Control (TCC) framework, can be subverted. Because TCC grants permissions to an application rather than to the code running inside it, code injected into one of these apps can reuse the host app's existing permissions without any further prompt to the user.

The discovered vulnerabilities have been assigned Talos IDs and CVEs, including TALOS-2024-1972 (CVE-2024-42220) for Microsoft Outlook and TALOS-2024-1973 (CVE-2024-42004) for Microsoft Teams (work or school).

Apple's TCC framework requires that applications obtain explicit user consent before accessing protected resources such as the microphone or camera. The research highlights that because Microsoft's macOS applications ship with the com.apple.security.cs.disable-library-validation entitlement enabled, a library that is signed neither by Apple nor by Microsoft can be loaded into them, and any code injected this way runs with whatever consent the user has already granted to the host application.
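The check a practitioner would want after reading the two paragraphs above is a way to spot this pattern in any app on a Mac: a hardened-runtime opt-out sitting next to entitlements for TCC-protected devices. The script below is an added example, not Cisco Talos's or Microsoft's code. It parses the XML entitlements plist that `codesign -d --entitlements :- <app>` (older macOS) or `codesign -d --entitlements - --xml <app>` (macOS 13 and later) prints, and flags the combination. The sample plist embedded in it is constructed for illustration and is not a dump of any real Microsoft application.

```python
"""Triage a macOS app's entitlements for hardened-runtime opt-outs.

Added example (not Cisco Talos or Microsoft code). Feed it the XML
entitlements plist of an app bundle; it reports entitlements that let
foreign code into the process and the TCC-protected devices the app is
entitled to, so a reviewer can see what an injected dylib would inherit.
"""
import plistlib
import sys

# Entitlements that switch off Hardened Runtime protections against
# loading foreign code into the process.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "unsigned or differently signed dylibs may be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* variables are honoured (e.g. DYLD_INSERT_LIBRARIES)",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "writable and executable memory is permitted",
}

# Sandbox entitlements that map onto TCC-protected resources. Injected
# code runs with the host app's identity, so these are what it inherits.
SENSITIVE_ENTITLEMENTS = {
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.camera": "camera",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
}

# Constructed sample: the shape of a sandboxed app that opted out of
# library validation while holding microphone and camera entitlements.
# It is NOT the entitlements of any real Microsoft 365 app.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.security.device.audio-input</key><true/>
    <key>com.apple.security.device.camera</key><true/>
    <key>com.apple.security.network.client</key><true/>
</dict>
</plist>
"""


def triage(plist_bytes: bytes) -> dict:
    """Return which risky and sensitive entitlements are set to true.

    'exposed' is True when at least one hardened-runtime opt-out is
    combined with at least one TCC-relevant device entitlement.
    """
    ents = plistlib.loads(plist_bytes)
    risky = {k: why for k, why in RISKY_ENTITLEMENTS.items() if ents.get(k) is True}
    sensitive = [name for k, name in SENSITIVE_ENTITLEMENTS.items() if ents.get(k) is True]
    return {"risky": risky, "sensitive": sensitive,
            "exposed": bool(risky) and bool(sensitive)}


def strip_entitlement(plist_bytes: bytes, key: str) -> bytes:
    """Return the plist with one entitlement removed (what a fix would look like)."""
    ents = plistlib.loads(plist_bytes)
    ents.pop(key, None)
    return plistlib.dumps(ents)


def report(plist_bytes: bytes) -> str:
    """Human-readable summary of triage() for one app."""
    t = triage(plist_bytes)
    lines = [f"{k}: {why}" for k, why in t["risky"].items()]
    lines.append("TCC-relevant device entitlements: " + (", ".join(t["sensitive"]) or "none"))
    lines.append("EXPOSED" if t["exposed"] else "not exposed by this check")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe `codesign -d --entitlements - --xml /Applications/Some.app` into
    # stdin, or run with no input to see the constructed sample.
    data = sys.stdin.buffer.read() if not sys.stdin.isatty() else SAMPLE_PLIST
    print(report(data))
    print("--- after removing disable-library-validation ---")
    print(report(strip_entitlement(data, "com.apple.security.cs.disable-library-validation")))
```

One caveat when using this against real bundles: the `device.*` entitlements only appear for sandboxed apps. For a non-sandboxed app the microphone, camera and other TCC grants live in the TCC database rather than in the code signature, so for those the hardened-runtime opt-out alone is the finding and the "sensitive" list will be empty.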

Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
