
Microsoft app vulnerability allows malicious parties to spy on Mac users

  • August 20, 2024

The cybersecurity group Cisco Talos has discovered a vulnerability in Microsoft applications that allowed malicious individuals to gain unhindered access to the cameras and microphones of Mac users.

Vulnerabilities in several Microsoft applications allowed attackers to gain access to Mac users’ cameras and microphones through these apps on macOS. Cisco Talos, Cisco’s security division, describes in a blog post how this vulnerability was exploited by attackers and what Microsoft has done to partially fix it. The exploit allows attackers to send emails from the user account or even take video recordings and photos without any interaction with the user.

Vulnerabilities

In the blog, the cybersecurity group describes how malicious parties were able to gain access to Mac users’ cameras and microphones via Microsoft apps. macOS has the so-called Transparency, Consent, and Control (TCC) framework, which manages app permissions.

This framework grants access to the camera, microphone, or photo library, among other things, only to applications that have permission to do so. If an app does not have these rights, it is not allowed to access these parts of your computer. However, the exploit allowed malicious software to take advantage of the permissions granted to Microsoft apps.

“We have identified eight vulnerabilities in several Microsoft applications for macOS that could allow an attacker to bypass the operating system’s permission model by leveraging existing app permissions without prompting the user for additional authentication,” researchers write in the blog.

Access to microphone and camera

The vulnerabilities affect Microsoft applications such as Outlook, Teams, PowerPoint, OneNote, Excel, and Word. The vulnerabilities allowed attackers to send emails from the user’s account, record audio clips or videos, or take photos – all without user interaction.

According to Cisco Talos, Microsoft has classified this exploit as “low risk” because it relies on loading unsigned libraries to support third-party plugins. Microsoft has updated Microsoft Teams and OneNote for macOS after the exploits were reported. No action has been taken for the other apps at this time.

In addition, the researchers write that Apple could also make changes to the TCC to make the system more secure.
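
For defenders who want to find apps with this combination on their own fleet, the following added example (not code from Cisco Talos, Microsoft, or this article) audits entitlement plists, such as those dumped by `codesign -d --entitlements`, and flags apps that both hold camera, microphone, or photo-library entitlements and allow unsigned libraries to load. It assumes the hardened-runtime entitlement `com.apple.security.cs.disable-library-validation` is how an app opts into loading unsigned libraries, which the article does not name; the app names and sample plists are constructed.

```python
import plistlib

# Real macOS entitlement keys. That this key is the mechanism behind "loading
# unsigned libraries" is an assumption; the article does not name it.
DISABLE_LIBRARY_VALIDATION = "com.apple.security.cs.disable-library-validation"
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.photos-library": "photo library",
}

def audit_entitlements(plist_bytes):
    """Summarise one app's entitlements plist (XML or binary plist bytes)."""
    ent = plistlib.loads(plist_bytes)
    loads_unsigned = ent.get(DISABLE_LIBRARY_VALIDATION) is True
    resources = sorted(label for key, label in SENSITIVE.items()
                       if ent.get(key) is True)
    return {
        "loads_unsigned_libraries": loads_unsigned,
        "tcc_resources": resources,
        # Review only when both conditions hold: code injected into the app
        # would inherit the permissions the user granted to that app.
        "review": loads_unsigned and bool(resources),
    }

def audit_apps(apps):
    """apps maps app name -> plist bytes. Return names needing review."""
    return sorted(n for n, data in apps.items()
                  if audit_entitlements(data)["review"])

# Constructed sample input: hypothetical apps, not real products.
SAMPLE_APPS = {
    "ExamplePluginHost.app": plistlib.dumps({
        DISABLE_LIBRARY_VALIDATION: True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
    }),
    "ExampleStrictApp.app": plistlib.dumps({
        "com.apple.security.device.camera": True,
    }),
    "ExampleEditor.app": plistlib.dumps({
        DISABLE_LIBRARY_VALIDATION: True,
    }),
}

if __name__ == "__main__":
    for name in audit_apps(SAMPLE_APPS):
        info = audit_entitlements(SAMPLE_APPS[name])
        print(name, "->", ", ".join(info["tcc_resources"]))
```
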

Source: IT Daily
