- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
8 vulnerabilities found in macOS operating system Microsoft apps
Researchers from Cisco Talos have discovered 8 vulnerabilities in macOS operating system Microsoft apps. Through these vulnerabilities, a malicious actor can bypass an operating system’s permission model via existing permissions without requiring additional verification from the user. Successful attacks could grant a malicious actor any privilege already gained in the targeted application, such as sending emails, recording video and audio, or capturing pictures. According to the research, Microsoft considers these vulnerabilities to be a low risk and have declined to fix the issues.
“Security teams must remain vigilant as there are vulnerabilities in Microsoft’s macOS apps that could lead to potential breaches,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. “These vulnerabilities allow for malicious code injection, potentially enabling attackers to hijack user-granted permissions and access sensitive resources such as cameras, microphones, and screen recordings without user consent. Despite Microsoft downplaying the risk, the potential for unauthorized surveillance and data exfiltration is significant. Taking immediate action is crucial, so security teams should prioritize updating vulnerable apps, enforce strict access controls, and consider additional security measures such as restricting app permissions to mitigate these risks.”
Jason Soroko, Senior Vice President of Product at Sectigo, comments, “This is not something that should become a trend. Overcoming Apple’s security undermines why people buy into that ecosystem. This situation underscores the need for security teams to assess the entitlements and permissions granted to applications critically, even if users themselves don’t. Immediate actions should include reviewing and tightening app permissions, implementing monitoring for unusual activity, and encouraging users to update their software as soon as patches are released. Moreover, collaboration between software vendors and Apple to ensure security features are properly implemented without compromising functionality is essential.”