Jump to content
  • Sign Up
×
×
  • Create New...

Microsoft Office, Teams Vulnerabilities Enable Hackers to Access Camera and Microphone on macOS: Report

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

This is the hidden content, please
Office, Teams Vulnerabilities Enable Hackers to Access Camera and Microphone on macOS: Report

A cybersecurity group has discovered multiple vulnerabilities in apps developed by

This is the hidden content, please
for macOS that allowed hackers to target users. The security flaws affect apps such as
This is the hidden content, please
Office,
This is the hidden content, please
, Teams, OneNote and other apps from the Redmond firm, and hackers were able to access a user’s camera and microphone by misusing Apple’s permission framework on its desktop operating system.. While
This is the hidden content, please
has issued fixes for two of its applications on macOS, its other apps are still vulnerable to attackers.

This is the hidden content, please
App Vulnerabilities Let Hackers Access Camera, Microphone Without Permissions

Cybersecurity group Cisco Talos revealed details of eight vulnerabilities spotted in

This is the hidden content, please
’s apps for macOS in a
This is the hidden content, please
. These flaws allowed hackers to inject specially crafted malicious libraries into six
This is the hidden content, please
apps —
This is the hidden content, please
, Teams, PowerPoint, Excel, Word, OneNote — and bypass Apple’s permission model on macOS.

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

How hackers can inject malicious libraries into legitimate apps on macOS
Photo Credit: Cisco Talos

 

In order to gain access to a user’s microphone and camera, malicious software would need to be granted explicit user consent for the relevant permissions, in accordance with Apple’s Transparency, Consent and Control (TCC) framework on macOS. However. some malicious programs can use a process called library injection (or dylib injection on macOS) to gain access to permissions that were granted to other apps.

As a result, macOS users who had

This is the hidden content, please
’s apps installed on their computer could be vulnerable to hacking, according to Cisco Talos. The flaws allowed hackers to record audio by injecting libraries into the aforementioned apps.
This is the hidden content, please
Excel is the only app in the list that doesn’t have access to the microphone, while apps such as
This is the hidden content, please
Teams can also access the device’s camera.

This is the hidden content, please
Patches Two Affected Apps, Other Apps Remain Vulnerable

 The cybersecurity group says that it reported the security vulnerabilities to

This is the hidden content, please
, and the firm has since updated two of the affected apps with fixes for the flaws. Users who are running the latest versions of
This is the hidden content, please
Teams and OneNote should not be impacted, but the company’s
This is the hidden content, please
and Office apps are currently affected by the security flaw.

According to Cisco Talos,

This is the hidden content, please
should not have disabled library validation, as it exposes users to unnecessary risks by bypassing hardened runtime safeguards put in place by Apple on the OS, designed to protect users via TCC and its permission model.

Apple could increase security on macOS by prompting users when a third-party plugin is being loaded into apps, as these apps might have already been granted permissions. This could warn users that these external plugins can access the same permissions granted to the original app. 



This is the hidden content, please

#

This is the hidden content, please
#Office #Teams #Vulnerabilities #Enable #Hackers #Access #Camera #Microphone #macOS #Report

This is the hidden content, please

This is the hidden content, please

0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept