Cisco Claims MS Office Spies on Macs

Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to gain access to the permissions and privileges granted to these applications. The vulnerabilities let malicious actors inject harmful libraries into Microsoft applications, circumventing the macOS security model and exploiting the applications' existing permissions without any prompt to the user.

Permissions in macOS control applications' access to resources like the microphone, camera, folders, and screen recording capabilities. If exploited, these vulnerabilities could lead to unauthorized access to sensitive information or the elevation of privileges within the system. In a successful attack, an intruder could impersonate the user, send emails on their behalf, and record audio or video without their knowledge.

Cisco Talos has provided detailed insights into how these vulnerabilities can bypass the macOS security model, which is based on the Transparency, Consent, and Control (TCC) system. This system requires explicit user consent for accessing personal data and system resources, offering protection against unauthorized access.

Despite the severity of the vulnerabilities, Microsoft has downplayed the issues as insignificant and has been reluctant to address some of them. The company argued that allowing the loading of unsigned libraries is necessary to support certain applications with plugins.
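A defender can check which applications combine a library-loading exception of this kind with access to protected resources. The sketch below is an added example, not code from Cisco Talos or Microsoft; it assumes the entitlements plist has already been extracted from the application's code signature, and the two sample plists are constructed for illustration.

```python
import plistlib

# Hardened-runtime exceptions that let code from outside the app's own
# signing team run inside the process.
INJECTION_ENTITLEMENTS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)

# Entitlements that let the app request TCC-protected resources.
RESOURCE_ENTITLEMENTS = {
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.device.camera": "camera",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.automation.apple-events": "apple-events",
}


def audit_entitlements(plist_bytes):
    """Flag an app whose entitlements pair a library-loading exception
    with access to protected resources. Reads entitlements only; it does
    not inspect TCC grants or the hardened-runtime flag itself."""
    ents = plistlib.loads(plist_bytes)
    weak = sorted(k for k in INJECTION_ENTITLEMENTS if ents.get(k) is True)
    resources = sorted(
        name for key, name in RESOURCE_ENTITLEMENTS.items() if ents.get(key) is True
    )
    return {"weak": weak, "resources": resources, "review": bool(weak and resources)}


# Constructed sample: a plugin host that disables library validation.
SAMPLE_PLUGIN_HOST = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.device.audio-input": True,
    "com.apple.security.device.camera": True,
})

# Constructed sample: same camera access, library validation left on.
SAMPLE_STRICT = plistlib.dumps({
    "com.apple.security.device.camera": True,
})

if __name__ == "__main__":
    for label, blob in (("plugin-host", SAMPLE_PLUGIN_HOST), ("strict", SAMPLE_STRICT)):
        print(label, audit_entitlements(blob))
```

On a Mac, the input for a real application can be produced with `codesign -d --entitlements - --xml` followed by the path to the app bundle (macOS 12 or later).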

The vulnerabilities identified by Cisco Talos have been assigned Talos identifiers and corresponding Common Vulnerabilities and Exposures (CVE) entries, including: TALOS-2024-1975 for Microsoft OneNote, TALOS-2024-1976 for Microsoft Excel, TALOS-2024-1977 for Microsoft Word, TALOS-2024-1990 for the WebView.app helper application in Microsoft Teams, and TALOS-2024-1991 for the com.microsoft.teams2.modulehost.app helper application in Microsoft Teams.
