Several Microsoft 365 apps are at serious risk of compromising macOS devices, according to Cisco Talos
The cybersecurity expert discovered 8 vulnerabilities.
2 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
A recent discovery by Cisco Talos has spotlighted a somewhat unsettling reality for users of Microsoft’s macOS applications. Eight vulnerabilities across various Microsoft 365 apps have been identified, potentially allowing hackers to bypass macOS’s permission model.
This means that a hacker could send emails, record audio, or even take pictures and videos without any additional verification from the user. The vulnerabilities affect popular applications such as Microsoft Outlook, Teams, PowerPoint, OneNote, Excel, and Word.
| TALOS-2024-1972 | CVE-2024-42220 | Microsoft Outlook |
| TALOS-2024-1973 | CVE-2024-42004 | Microsoft Teams (work or school) |
| TALOS-2024-1974 | CVE-2024-39804 | Microsoft PowerPoint |
| TALOS-2024-1975 | CVE-2024-41159 | Microsoft OneNote |
| TALOS-2024-1976 | CVE-2024-43106 | Microsoft Excel |
| TALOS-2024-1977 | CVE-2024-41165 | Microsoft Word |
| TALOS-2024-1990 | CVE-2024-41145 | Microsoft Teams (work or school) WebView.app helper app |
| TALOS-2024-1991 | CVE-2024-41138 | Microsoft Teams (work or school) com.microsoft.teams2.modulehost.app |
These vulnerabilities stem from a technique known as code injection. In this technique, malicious code is sneaked into legitimate processes, allowing access to protected resources. MacOS has defences, like the Hardened Runtime feature, designed to prevent such code injection. However, Microsoft’s macOS applications enable a setting that bypasses this protection, leading to these vulnerabilities.
Microsoft’s response to these findings was somewhat underwhelming. They acknowledged the issues but deemed them low risk, citing the need for their apps to load unsigned libraries to support plugins. They’ve fixed the vulnerabilities for some apps but left others, like Excel, Outlook, PowerPoint, and Word, vulnerable.
This isn’t the first time Cisco Talos has apprehended vulnerabilities in the Microsoft 365 environment. Earlier this year, the cybersecurity expert found malware in the form of Microsoft installers spreading in Google Cloud Run.
This situation leaves users in a bit of a pickle. While Microsoft prioritizes plugin functionality over security for certain apps, it exposes users to significant risks. The balance between functionality and security is tricky, and it’s unclear how Apple will address these vulnerabilities on its platform.
If you use Microsoft’s macOS applications, you could be at risk. The vulnerabilities could allow bad actors to exploit the permissions granted to these apps, doing things on your behalf without your knowledge.
