Explorer

Mac Users At Risk Of Getting Hacked Due To The Use Of Microsoft Apps, Here's How

Cisco Talos, the cybersecurity research group, has uncovered vulnerabilities across several Microsoft apps including Excel, OneNote, Outlook, PowerPoint, Teams, and Word.

Microsoft applications such as Word, Excel, Outlook, and Teams are so integral and widely used that they are nearly indispensable, whether you’re using a Windows PC or a Mac. However, these same apps have become a prime target for hackers on Apple Macs due to an unresolved security issue. A cybersecurity research group has identified a flaw in Microsoft apps on Macs that could potentially give hackers access to your photos, videos, contacts, and other sensitive information. Alarmingly, Microsoft does not view this as a significant enough issue to address.

Cisco Talos, the cybersecurity research group, has uncovered vulnerabilities across several Microsoft apps including Excel, OneNote, Outlook, PowerPoint, Teams, and Word. These flaws enable attackers to inject harmful libraries into the applications, thereby gaining unauthorised access to the apps' permissions and user-provided entitlements.

ALSO READ | Google Pixel 9 Review: With AI Features THIS Fun, You Can Excuse The iPhone-y Design

Why Is It Dangerous?

To grasp why this is problematic, let us first understand macOS's security framework. Mac devices use a permission-based system governed by the Transparency, Consent, and Control (TCC) framework. Whenever you install a new app, you are prompted to give permission for its operation. Similarly, if an app needs to access sensitive data like contacts, photos, or your webcam, you are asked to approve or deny this access.

This framework is designed to ensure that you are aware of and trust the apps accessing your private information. Apple restricts access to sensitive data to only those apps that have the necessary entitlements — authorisation from Apple to request such access. Apps lacking these entitlements cannot request sensitive information from you.

However, the Microsoft apps in question possess these entitlements, and the identified security flaw enables hackers to bypass the usual permission prompts and gain access to your sensitive data.

The researchers said, "We identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system’s permission model by using existing app permissions without prompting the user for any additional verification."

It added, "All apps, except for Excel, can access sensitive data like your emails and web activity," the group adds.

Will It Be Fixed?

Microsoft considers the security flaws "low risk" and has declined to fix them in some apps. Cisco Talos research group said, "Microsoft considers these issues low risk, and some of their applications, they claim, need to allow loading of unsigned libraries to support plugins and have declined to fix the issues."

Microsoft has updated the Teams and OneNote apps on macOS to modify their handling of the library validation entitlement. Despite this, Excel, PowerPoint, Word, and Outlook continue to be susceptible to the vulnerability.

Microsoft spokesperson told Fox News, "The disclosed cases do not pose a significant security risk as the technique described requires the attacker to already have a certain level of access to the system. However, we have implemented several updates for added protection, as detailed in the report. As a best practice, customers should keep their software updated and regularly review application permissions."

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

ABP News Checks AAP's Claim Of 'Cash-For-Vote Scam' Against BJP, Revelations Will Shock You. VIDEO
ABP News Checks AAP's Claim Of 'Cash-For-Vote Scam' Against BJP, Revelations Will Shock You. VIDEO
Delhi: Man Sets Himself On Fire Near Parliament, Rushed To Hospital
Delhi: Man Sets Himself On Fire Near Parliament, Rushed To Hospital
Uttarakhand: 3 Killed, 24 Injured As Bus Enroute To Haldwani Falls Into Gorge In Bhimtal, Rescue Ops Underway
Uttarakhand: 3 Killed, 24 Injured As Bus Enroute To Haldwani Falls Into Gorge In Bhimtal, Rescue Ops Underway
Food Delivery Agent Forced To Remove Santa Claus Attire On Christmas In Indore — Video
Food Delivery Agent Forced To Remove Santa Claus Attire On Christmas In Indore — Video
Advertisement
ABP Premium

Videos

Anya Polytech IPO: Must Watch Exclusive Interview Before Investing | Paisa LiveWhy Payas Pandit Struggled to Gain Recognition Despite Her Bhojpuri Debut with Pawan Singh?Sambhal News: ASI Team to Inspect Stepwell Today, Exclusive Pictures from the SiteBJP Accuses AAP of Deceiving Public with New Schemes Ahead of Delhi Elections

Photo Gallery

Embed widget