[Gearbest Technology News] Recently, Gearbest learned from foreign media that several applications developed by Microsoft for macOS have been found to contain multiple security vulnerabilities, which allow hackers to use the permission framework of Apple’s operating system to illegally access users’ cameras and microphones. Affected software includes Microsoft Office, Outlook, Teams, OneNote, etc.
The cybersecurity organization Cisco Talos disclosed the details of these vulnerabilities, pointing out that by injecting specially crafted malicious libraries into six applications, namely Outlook, Teams, PowerPoint, Excel, Word, and OneNote, hackers can bypass the macOS permission model and achieve illegal control of user devices.
Under Apple’s Transparency, Consent, and Control (TCC) framework on macOS, malware requires the user’s explicit consent to the relevant permissions in order to access the user’s microphone and camera. However, some malicious programs can use a process called library injection (or dylib injection on macOS) to gain permissions that have already been granted to other applications.
According to Cisco Talos, macOS users who have Microsoft applications installed may be hacked. These vulnerabilities allow hackers to record audio by injecting libraries into the above-mentioned applications. Of the listed applications, only Microsoft Excel does not have access to the microphone, while applications like Microsoft Teams also have access to the device’s camera.
The cybersecurity group said it has reported the security vulnerabilities to Microsoft, which has updated two affected applications to fix them. Users running the latest versions of Microsoft Teams and OneNote should not be affected, but Microsoft’s Outlook and Office applications are still affected by security vulnerabilities.
Cisco Talos said Microsoft should not disable library validation, because doing so puts users at unnecessary risk: it bypasses the hardened runtime protections that Apple implements in the operating system, which aim to protect users through TCC and the permission model.
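An added example, not code from Cisco Talos, Microsoft or the original article: a defender-side Python audit that reads an app's entitlements in XML plist form (as exported on macOS with `codesign -d --entitlements - --xml <app>`) and flags the combination discussed above, library validation disabled together with microphone or camera access. The entitlement keys are Apple's own names, which the article does not spell out; the app names and plists are constructed samples.

```python
import plistlib

# Apple entitlement keys (the article describes the behaviour, not the keys).
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
DEVICE_KEYS = {
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.camera": "camera",
}

def audit_entitlements(plist_bytes):
    """Return (library_validation_disabled, [devices]) for one entitlements plist."""
    # An unsigned or entitlement-free binary yields empty output: treat as no keys.
    ents = plistlib.loads(plist_bytes) if plist_bytes.strip() else {}
    lv_off = ents.get(DISABLE_LV) is True
    devices = sorted(n for k, n in DEVICE_KEYS.items() if ents.get(k) is True)
    return lv_off, devices

def classify(plist_bytes):
    """Summarise the exposure of one app to the injection scenario described above."""
    lv_off, devices = audit_entitlements(plist_bytes)
    if lv_off and devices:
        # A foreign dylib can load and act under the app's TCC grants.
        return "exposed: " + ", ".join(devices)
    if lv_off:
        return "library validation disabled, no device entitlement"
    return "no disable-library-validation entitlement"

# Constructed sample entitlements; these are not taken from any real application.
SAMPLES = {
    "SampleChat.app": plistlib.dumps({
        DISABLE_LV: True,
        "com.apple.security.device.audio-input": True,
        "com.apple.security.device.camera": True,
    }),
    "SampleSheet.app": plistlib.dumps({DISABLE_LV: True}),
    "SampleNotes.app": plistlib.dumps({"com.apple.security.device.audio-input": True}),
    "SampleTool": b"",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(blob)}")
```

Apps reported as exposed are the ones to prioritise for vendor updates and for review of their existing microphone and camera grants in System Settings.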