Researchers warn macOS users about numerous unpatched vulnerabilities in Microsoft apps for the system. Exploiting these vulnerabilities may allow an adversary to gain sensitive device permissions.
Numerous Vulnerabilities In Microsoft macOS Apps Remain Unpatched
In a recent post, Cisco Talos researchers discussed the threats posed by exploiting unpatched vulnerabilities in Microsoft macOS apps.
As elaborated, they found eight different security vulnerabilities affecting various Microsoft applications available for Mac devices. They detected the security issues when analyzing Microsoft apps and the exploitability of the macOS platform’s permission-based security model, which relies on the Transparency, Consent, and Control (TCC) framework. As observed, an adversary may exploit the flaws to bypass TCC controls and gain additional permissions without prompting users.
Successful exploitation of these vulnerabilities empowers an adversary to perform any malicious actions using the Microsoft apps’ permissions. These may include sending sneaky emails, recording audio or video on the target system, and taking pictures.
Specifically, the researchers found the following eight library injection vulnerabilities in different Microsoft apps. An attacker may exploit the flaw by injecting maliciously crafted libraries into the running processes of target apps to bypass existing permissions.
- CVE-2024-42220 (CVSS 7.1): Affects Microsoft Outlook 16.83.3 for macOS.
- CVE-2024-42004 (CVSS 7.1): Affects Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
- CVE-2024-39804 (CVSS 7.1): Impacts Microsoft PowerPoint 16.83 for macOS.
- CVE-2024-41159 (CVSS 7.1): Exists in Microsoft OneNote 16.83 for macOS.
- CVE-2024-41165 (CVSS 7.1): Impacts Microsoft Word 16.83 for macOS.
- CVE-2024-43106 (CVSS 7.1): Exists in Microsoft Excel 16.83 for macOS.
- CVE-2024-41145 (CVSS 7.1): Affects WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
- CVE-2024-41138 (CVSS 7.1): Exists in com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
Microsoft Downplays The Threat
Considering how the permission-based model in Apple macOS works, the researchers fear that an adversary may exploit all permissions granted to an app and perform various malicious functions “on behalf of the app.”
Although macOS’s security features, such as hardened runtime, prevent code execution through the process of another application, injecting a maliciously crafted library in the target app’s process space opens up exploitation possibilities.
According to Cisco Talos, Microsoft did not deem these unpatched vulnerabilities a potential threat. As stated in their post,
Microsoft considers these issues low risk, and some of their applications, they claim, need to allow loading of unsigned libraries to support plugins and have declined to fix the issues.
Nonetheless, the researchers observed some updates with Microsoft Teams WebView.app, Microsoft Teams main app, Microsoft Teams ModuleHost.app, and Microsoft OneNote apps for macOS, which addressed the vulnerabilities. However, Microsoft Office apps (Excel, Word, PowerPoint, Outlook) remain vulnerable.
Let us know your thoughts in the comments.