Friend
Professional
Cisco has found 8 reasons for concern for macOS users.
The Cisco Talos team has identified 8 vulnerabilities in Microsoft applications for macOS that allow an attacker to use the permissions and privileges granted to those applications.
The flaws allow an attacker to inject malicious libraries into Microsoft applications, bypassing the macOS security model and using pre-existing permissions without notifying the user.
Permissions in macOS regulate app access to resources such as microphone, camera, folders, screen recording, and more. If a cybercriminal gains access to these permissions, they can obtain sensitive information or even escalate their privileges on the system. In the event of a successful attack, the attacker can, for example, send emails on behalf of the user, as well as record audio or video without the user's knowledge.
Cisco Talos described in detail how vulnerabilities can be exploited to bypass the macOS security model, which is based on the TCC (Transparency, Consent, and Control) system. TCC requires the user's explicit consent to access personal data and system resources, which ensures protection against unauthorized access.
For example, malware can use Microsoft application permissions to perform unauthorized actions. Despite the severity of the situation, Microsoft assessed the problems as minor and refused to fix some of them, saying that in order to support plugins, some applications must allow unsigned libraries to be loaded.
During its analysis, Cisco Talos discovered the following vulnerabilities and assigned them identifiers and corresponding CVEs:
- TALOS-2024-1972 / CVE-2024-42220 - Microsoft Outlook
- TALOS-2024-1973 / CVE-2024-42004 - Microsoft Teams (Work or School)
- TALOS-2024-1974 / CVE-2024-39804 - Microsoft PowerPoint
- TALOS-2024-1975 / CVE-2024-41159 - Microsoft OneNote
- TALOS-2024-1976 / CVE-2024-43106 - Microsoft Excel
- TALOS-2024-1977 / CVE-2024-41165 - Microsoft Word
- TALOS-2024-1990 / CVE-2024-41145 - Microsoft Teams (Work or School) in App WebView.app
- TALOS-2024-1991 / CVE-2024-41138 - Microsoft Teams (Work or School) in the com.microsoft.teams2.modulehost.app companion app
In particular, the identified issues allow an attacker to inject libraries into the application process and so use all the permissions that were previously granted to this application. In other words, a cybercriminal can perform any action the user has already permitted, without the user being asked again.
Although Apple provides fairly strong protection measures, including mandatory confirmation of access to sensitive data, the vulnerabilities identified show that security measures can be bypassed.
Although Microsoft rated these vulnerabilities as low risk, 4 out of 8 applications were fixed. However, Microsoft Excel, Outlook, PowerPoint, and Word remain vulnerable.
Cisco Talos emphasizes the importance of being mindful of security issues, especially in the context of using third-party plug-ins. These vulnerabilities show that even relatively low risks can become a serious threat if not properly addressed. Therefore, software companies must take all measures to prevent potential attacks and protect their users' data.
macOS-based devices are increasingly being targeted by hackers. Intel 471 has identified more than 40 hacker groups showing interest in malware and exploits for the Apple platform. Since last year, at least 21 attackers have been looking for opportunities to acquire malware for macOS, some of whom were interested in distributing pre-existing malware. The same number of hackers are already actively attacking the system.
Source
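For defenders who want to see which installed applications combine "loads libraries it did not sign" with access to protected resources, here is an added example (not from the original post or from Cisco Talos) that audits an application's entitlements. It assumes the entitlements were exported as a plist, for instance with `codesign -d --entitlements - --xml <App.app>` on macOS; the function name and both sample inputs are constructed for illustration.

```python
import plistlib

# Hardened-runtime exceptions that let a process load code not signed by
# Apple or by the application's own team.
LOADER_EXCEPTIONS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)

# Entitlements that let an application request TCC-protected resources.
RESOURCE_ENTITLEMENTS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.microphone": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
    "com.apple.security.automation.apple-events": "apple-events",
}


def audit_entitlements(plist_bytes):
    """Return the loader exceptions and TCC resources one app declares."""
    ents = plistlib.loads(plist_bytes)
    exceptions = sorted(k for k in LOADER_EXCEPTIONS if ents.get(k) is True)
    resources = sorted({label for key, label in RESOURCE_ENTITLEMENTS.items()
                        if ents.get(key) is True})
    # Injected code inherits every grant the host process holds, so the
    # combination is what deserves review, not either half on its own.
    return {"loader_exceptions": exceptions,
            "resources": resources,
            "review": bool(exceptions and resources)}


# Constructed sample inputs (not taken from any real application).
SAMPLE_PLUGIN_HOST = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})
SAMPLE_STRICT = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": False,
    "com.apple.security.device.camera": True,
})

if __name__ == "__main__":
    for name, blob in (("plugin-host", SAMPLE_PLUGIN_HOST),
                       ("strict", SAMPLE_STRICT)):
        print(name, audit_entitlements(blob))
```

Applications flagged with `review` set are the ones where a TCC grant is worth revoking or re-checking in System Settings if the application does not actually need it.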