Security researchers have issued a warning to macOS users regarding multiple unpatched vulnerabilities found in Microsoft apps designed for the system. These vulnerabilities could potentially allow malicious actors to gain unauthorized access to sensitive device permissions.
Unpatched Vulnerabilities in Microsoft macOS Apps
In a recent report by Cisco Talos, researchers highlighted the risks associated with exploiting unaddressed security flaws in Microsoft applications for macOS.
The researchers identified eight distinct security vulnerabilities affecting various Microsoft apps available on Mac devices. They discovered these vulnerabilities while examining the Microsoft apps and their compatibility with the macOS platform’s permission-based security model, which relies on the Transparency, Consent, and Control (TCC) framework. By exploiting these vulnerabilities, an attacker could circumvent TCC controls and obtain additional permissions without user consent.
If successfully exploited, these vulnerabilities could enable an attacker to carry out malicious activities using the permissions granted to Microsoft apps. These actions may include sending deceptive emails, capturing audio or video recordings, and taking photos without authorization.
The researchers specifically identified the following eight library injection vulnerabilities in different Microsoft apps. An attacker could exploit these vulnerabilities by inserting malicious libraries into the running processes of targeted apps to bypass existing permissions:
- CVE-2024-42220 (CVSS 7.1): Affects Microsoft Outlook 16.83.3 for macOS.
- CVE-2024-42004 (CVSS 7.1): Affects Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
- CVE-2024-39804 (CVSS 7.1): Impacts Microsoft PowerPoint 16.83 for macOS.
- CVE-2024-41159 (CVSS 7.1): Exists in Microsoft OneNote 16.83 for macOS.
- CVE-2024-41165 (CVSS 7.1): Impacts Microsoft Word 16.83 for macOS.
- CVE-2024-43106 (CVSS 7.1): Exists in Microsoft Excel 16.83 for macOS.
- CVE-2024-41145 (CVSS 7.1): Affects WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
- CVE-2024-41138 (CVSS 7.1): Exists in com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS.
Microsoft’s Response to the Threat
Given the operational model of Apple macOS, the researchers expressed concerns that an attacker could exploit all permissions granted to an app and execute malicious activities “on behalf of the app.”
While macOS’s security features like hardened runtime prevent code execution via another application’s process, injecting a malicious library into the targeted app’s process space opens avenues for exploitation.
According to Cisco Talos, Microsoft has downplayed the severity of these unpatched vulnerabilities. The company considers these issues low risk and asserts that certain applications require the loading of unsigned libraries to support plugins, thus declining to address the vulnerabilities.
Despite some updates addressing vulnerabilities in Microsoft Teams WebView.app, Microsoft Teams main app, Microsoft Teams ModuleHost.app, and Microsoft OneNote apps for macOS, vulnerabilities in Microsoft Office apps (Excel, Word, PowerPoint, Outlook) persist.
We invite you to share your insights in the comments section.
