Microsoft bugs give attackers access to camera and microphone in Macs
Due to errors that occur at Microsoft, Mac users can be spied on by criminals. A recently discovered security flaw in Microsoft apps for MacOS allows attackers to secretly access cameras and microphones in the devices. Unsplash / Taan Huyn
Various MS apps affected
The vulnerability affects several popular Microsoft applications such as Outlook and Teams and exploits the existing permissions of these apps to access their camera and microphone without the users’ knowledge or consent. The attack is based on injecting malicious libraries into the Microsoft apps to take over the permissions granted by the users, shared the security researchers from the Cisco Talos Group, who analyzed the bugs.
The MacOS operating system uses a framework called Transparency Consent and Control (TCC), which manages permissions for apps to access sensitive functions such as the camera, microphone, and location services. Normally, apps must be granted special permission to even make a request to TCC and gain access to its functions. However, the vulnerability allows malicious software to exploit the permissions already obtained by Microsoft apps.
“We have identified eight vulnerabilities in various Microsoft applications for MacOS that allow an attacker to bypass the operating system’s permission model by using the existing app permissions without additional confirmation from the user,” the researchers explained. This could, for example, allow hackers to activate the microphone and make audio recordings or even take photos without the user noticing.
Too hesitant
Microsoft has responded to the discovery and released updates for the Microsoft Teams and OneNote apps for MacOS. However, other applications such as Excel, PowerPoint, Word and Outlook remain vulnerable to the attack. The researchers criticize Microsoft for classifying the problem as “low risk” even though the vulnerability could have serious consequences. The experts also question why Microsoft has disabled library validation, as no additional libraries should be loaded.
This could expose users to unnecessary risks by bypassing the operating system’s security mechanisms. Apple could also make improvements to the TCC system to further increase security, the researchers say. They suggest that the system should warn the user when third-party plugins are loaded into apps that have already received permissions.
Alexia is the author at Research Snipers covering all technology news including Google, Apple, Android, Xiaomi, Huawei, Samsung News, and More.
1 thought on “Microsoft bugs give attackers access to camera and microphone in Macs”