Recent discoveries by cybersecurity researchers at Cisco Talos highlight critical vulnerabilities in Microsoft’s popular macOS applications, posing significant security risks despite Microsoft labeling them as low-severity threats. Attackers could exploit these flaws to gain unauthorized access to a user’s microphone, camera, sensitive data, and even escalate privileges. Although these issues affect apps like Word, Excel, PowerPoint, Outlook, OneNote, and Teams, Microsoft has only addressed the vulnerabilities in Teams and OneNote, leaving others unpatched.
The Core Vulnerabilities: Library Injection Exploits
The identified vulnerabilities involve a technique known as library injection, where attackers can load malicious libraries by exploiting entitlements in macOS apps. macOS typically defends against such threats using the Hardened Runtime feature, which blocks untrusted libraries. However, Microsoft’s applications have enabled the com.apple.security.cs.disable-library-validation entitlement, allowing certain third-party plugins, thereby nullifying these protections.
When attackers successfully inject malicious code, they can hijack the app’s existing permissions and entitlements. This access could allow them to capture video, record audio, log keystrokes, and access folders—all without any additional prompts to the user. Essentially, these apps become a vector for attackers to exploit system permissions that have already been granted by the user.
List of vulnarabilites:
- CVE-2024-42220 (Outlook)
- CVE-2024-42004 (Teams – work or school) (main app)
- CVE-2024-39804 (PowerPoint)
- CVE-2024-41159 (OneNote)
- CVE-2024-43106 (Excel)
- CVE-2024-41165 (Word)
- CVE-2024-41145 (Teams – work or school) (WebView.app helper app)
- CVE-2024-41138 (Teams – work or school) (com.microsoft.teams2.modulehost.app)
Unpatched Risks in Core Microsoft Office Apps
While Microsoft has fixed these issues in Teams and OneNote by removing the risky entitlement, Word, Excel, Outlook, and PowerPoint remain vulnerable. The company argues that these entitlements are necessary for certain functionalities, such as Office add-ins. However, researchers question this justification, noting that these add-ins are primarily web-based and unlikely to require such extensive permissions.
Protecting Against These Threats
Given the ongoing risks, cybersecurity company Purple Shield Security advise users to remain cautious. Keeping all software up to date is crucial, as is regularly reviewing app permissions. Additionally, using comprehensive cybersecurity solutions can provide an extra layer of protection. Until Microsoft releases patches for these applications, Mac users should monitor app activity closely and consider limiting permissions where possible.