- Perimeter Security Is at the Forefront of Industry 4.0 Revolution
- Black Friday sales just slashed the Apple Watch SE (2nd Gen) to its lowest price ever
- Get an Apple Watch Series 10 for $70 off for the first time ahead of Black Friday
- The 15 best Black Friday Target deals 2024
- This fantastic 2-in-1 laptop I tested is highly recommended for office workers (and it's on sale)
8 vulnerabilities found in macOS operating system Microsoft apps
Researchers from Cisco Talos have discovered 8 vulnerabilities in macOS operating system Microsoft apps. Through these vulnerabilities, a malicious actor can bypass an operating system’s permission model via existing permissions without requiring additional verification from the user. Successful attacks could grant a malicious actor any privilege already gained in the targeted application, such as sending emails, recording video and audio, or capturing pictures. According to the research, Microsoft considers these vulnerabilities to be a low risk and have declined to fix the issues.
“Security teams must remain vigilant as there are vulnerabilities in Microsoft’s macOS apps that could lead to potential breaches,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. “These vulnerabilities allow for malicious code injection, potentially enabling attackers to hijack user-granted permissions and access sensitive resources such as cameras, microphones, and screen recordings without user consent. Despite Microsoft downplaying the risk, the potential for unauthorized surveillance and data exfiltration is significant. Taking immediate action is crucial, so security teams should prioritize updating vulnerable apps, enforce strict access controls, and consider additional security measures such as restricting app permissions to mitigate these risks.”
Jason Soroko, Senior Vice President of Product at Sectigo, comments, “This is not something that should become a trend. Overcoming Apple’s security undermines why people buy into that ecosystem. This situation underscores the need for security teams to assess the entitlements and permissions granted to applications critically, even if users themselves don’t. Immediate actions should include reviewing and tightening app permissions, implementing monitoring for unusual activity, and encouraging users to update their software as soon as patches are released. Moreover, collaboration between software vendors and Apple to ensure security features are properly implemented without compromising functionality is essential.”