web analytics
Home » Technology » Mac » Microsoft bugs give attackers access to camera and microphone in Macs

Microsoft bugs give attackers access to camera and microphone in Macs

3 weeks ago Alexia Hope

Due to errors that occur at Microsoft, Mac users can be spied on by criminals. A recently discovered security flaw in Microsoft apps for MacOS allows attackers to secretly access cameras and microphones in the devices. Unsplash / Taan Huyn

Various MS apps affected

The vulnerability affects several popular Microsoft applications such as Outlook and Teams and exploits the existing permissions of these apps to access their camera and microphone without the users’ knowledge or consent. The attack is based on injecting malicious libraries into the Microsoft apps to take over the permissions granted by the users, shared the security researchers from the Cisco Talos Group, who analyzed the bugs.

The MacOS operating system uses a framework called Transparency Consent and Control (TCC), which manages permissions for apps to access sensitive functions such as the camera, microphone, and location services. Normally, apps must be granted special permission to even make a request to TCC and gain access to its functions. However, the vulnerability allows malicious software to exploit the permissions already obtained by Microsoft apps.

“We have identified eight vulnerabilities in various Microsoft applications for MacOS that allow an attacker to bypass the operating system’s permission model by using the existing app permissions without additional confirmation from the user,” the researchers explained. This could, for example, allow hackers to activate the microphone and make audio recordings or even take photos without the user noticing.

Too hesitant

Microsoft has responded to the discovery and released updates for the Microsoft Teams and OneNote apps for MacOS. However, other applications such as Excel, PowerPoint, Word and Outlook remain vulnerable to the attack. The researchers criticize Microsoft for classifying the problem as “low risk” even though the vulnerability could have serious consequences. The experts also question why Microsoft has disabled library validation, as no additional libraries should be loaded.

This could expose users to unnecessary risks by bypassing the operating system’s security mechanisms. Apple could also make improvements to the TCC system to further increase security, the researchers say. They suggest that the system should warn the user when third-party plugins are loaded into apps that have already received permissions.

Tags: , , , , , , ,

More Stories

MacOS under attack: Cthulhu malware tricks users

2 weeks ago Yasir Zeb

MacOS Gatekeeper Security Features

1 month ago Yasir Zeb

Apple is expected to release M3 MacBook Airs in March, along with new iPad Pro and iPad Air variants

9 months ago RS News

1 thought on “Microsoft bugs give attackers access to camera and microphone in Macs

  1. Pingback: AI Will Not Destroy Us Says Bill Gates – Research Snipers

Leave a Reply

Today’s Latest

Apple makes AirPods Pro 2 ready for iOS 18

22 mins ago Alexia Hope

iOS 17.7 brings important security updates

2 hours ago Amit Gohar

Apple publishes list of more than 250 new iOS 18 features

3 hours ago Yasir Zeb

Sony refurbished PlayStation 5 announced

3 hours ago Amit Gohar

Apple iPhone 16 price may drop by 20 percent in 6 months

4 hours ago Amit Gohar

Ford unveils annoying system for in-car advertising

4 hours ago Yasir Zeb
infinaeon

The Injective Price Rally Surprises Traders, But Infinaeon Could Offer Far Bigger Returns

5 hours ago Alexia Hope

Everything about Microsoft Patchday for Windows 10 and 11 in September 2024

24 hours ago Amit Gohar

iPhone 16 fresh design with new AI features

1 day ago Amit Gohar

Apple now helps with hearing aid functions

1 day ago Amit Gohar