The Cisco Talos report has revealed the existence of a series of vulnerabilities in Microsoft applications for macOS. Many of the company’s popular services have been deemed insecure due to loopholes that could grant cybercriminals multiple privileges in the worst-case scenario.
According to the research, Tools like Microsoft Teams, OneDrive, Outlook, OneNote, Excel, and even Word can be hackedThe person responsible for the application can bypass security permissions and gain privileges that put the user at risk.
In total, there are eight different vulnerabilities in macOS, broken down by the application or tool that contains the breach:
- CVE-2024-42220 – Appearance
- CVE-2024-42004 —Teams
- CVE-2024-39804 – Power point
- CVE-2024-41159 —OneNote
- CVE-2024-43106 — Excel
- CVE-2024-41165 -Word
- CVE-2024-41145 — Teams Webview.app
- CVE-2024-41138 — Teams modulehost.app
All the flaws are exploited by injecting rogue libraries during the execution of these programs. They discover Transparency, Consent and Control (TCC), A framework that centralizes most of the security permissions for Microsoft applications.
The consequences of this range from data theft to permissions to use microphones and webcams, which can lead to surveillance of the victim’s routine or the collection of corporate secrets, for example.
Microsoft disagrees on urgency
Cisco Talos has not detected these vulnerabilities being actively used by cybercriminals, but classified eight vulnerabilities as critical.
In response, Microsoft Updates Teams and OneNote Apps for macOScorrection of defects revealed in the work. Although, disagree that these violations are very serious or urgent — so much so that other vulnerabilities have not been patched by the brand to date.
According to the company, the attacks will only cover unofficial libraries used in third-party plugins, an unusual action on these services. Apple, which may also update the framework, did not comment on the matter. The full study is available at this link (in English).
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
