Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Several Microsoft 365 apps are at serious risk of compromising macOS devices, according to Cisco Talos

The cybersecurity expert discovered 8 vulnerabilities.

2 min. read

Published onAugust 20, 2024

published onAugust 20, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

A recent discovery by Cisco Taloshas spotlighted a somewhat unsettling reality for users of Microsoft’s macOS applications. Eight vulnerabilities across various Microsoft 365 apps have been identified, potentially allowing hackers to bypass macOS’s permission model.

This means that a hacker could send emails, record audio, or even take pictures and videos without any additional verification from the user. The vulnerabilities affect popular applications such as Microsoft Outlook, Teams, PowerPoint, OneNote, Excel, and Word.

These vulnerabilities stem from a technique known as code injection. In this technique, malicious code is sneaked into legitimate processes, allowing access to protected resources. MacOS has defences, like the Hardened Runtime feature, designed to prevent such code injection. However, Microsoft’s macOS applications enable a setting that bypasses this protection, leading to these vulnerabilities.

Microsoft’s response to these findings was somewhat underwhelming. They acknowledged the issues but deemed them low risk, citing the need for their apps to load unsigned libraries to support plugins. They’ve fixed the vulnerabilities for some apps but left others, like Excel, Outlook, PowerPoint, and Word, vulnerable.

This isn’t the first time Cisco Talos has apprehended vulnerabilities in the Microsoft 365 environment. Earlier this year, the cybersecurity expert foundmalware in the form of Microsoft installersspreading in Google Cloud Run.

This situation leaves users in a bit of a pickle. While Microsoft prioritizes plugin functionality over security for certain apps, it exposes users to significant risks. The balance between functionality and security is tricky, and it’s unclear how Apple will address these vulnerabilities on its platform.

If you use Microsoft’s macOS applications, you could be at risk. The vulnerabilities could allow bad actors to exploit the permissions granted to these apps, doing things on your behalf without your knowledge.

More about the topics:macos,Microsoft 365

Milan Stanojevic

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Milan Stanojevic

Windows Toubleshooting Expert

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s specialized in Windows errors & software issues.