8 vulnerabilities found in Microsoft apps for macOS
Researchers from Cisco Talos have discovered 8 vulnerabilities in Microsoft apps for the macOS operating system. Through these vulnerabilities, a malicious actor can bypass the operating system’s permission model by using existing permissions, without requiring additional verification from the user. Successful attacks could grant a malicious actor any privilege the targeted application has already been granted, such as sending emails, recording video and audio, or capturing pictures. According to the research, Microsoft considers these vulnerabilities to be low risk and has declined to fix the issues.
“Security teams must remain vigilant as there are vulnerabilities in Microsoft’s macOS apps that could lead to potential breaches,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. “These vulnerabilities allow for malicious code injection, potentially enabling attackers to hijack user-granted permissions and access sensitive resources such as cameras, microphones, and screen recordings without user consent. Despite Microsoft downplaying the risk, the potential for unauthorized surveillance and data exfiltration is significant. Taking immediate action is crucial, so security teams should prioritize updating vulnerable apps, enforce strict access controls, and consider additional security measures such as restricting app permissions to mitigate these risks.”
Jason Soroko, Senior Vice President of Product at Sectigo, comments, “This is not something that should become a trend. Overcoming Apple’s security undermines why people buy into that ecosystem. This situation underscores the need for security teams to assess the entitlements and permissions granted to applications critically, even if users themselves don’t. Immediate actions should include reviewing and tightening app permissions, implementing monitoring for unusual activity, and encouraging users to update their software as soon as patches are released. Moreover, collaboration between software vendors and Apple to ensure security features are properly implemented without compromising functionality is essential.”