
Security firm cites security holes present in six Microsoft applications

This probably isn’t the news Microsoft wanted.

According to a report by security firm Cisco Talos, no fewer than six Microsoft applications contain security vulnerabilities that could allow a hacker to “gain any privileges already granted to the affected Microsoft applications.”

The apps affected include Microsoft Excel, OneNote, Outlook, PowerPoint, Teams, and Word. Microsoft ships these apps with an entitlement that disables macOS’s hardened runtime, which provides security against dynamically linked library hacks. This can allow a hacker to install malicious software into Microsoft’s apps.

Cisco Talos offered the following comments as to the vulnerabilities:

“The attacker could send emails from the user account without the user noticing, record audio clips, take pictures or record videos without any user interaction,” according to Cisco Talos. The security firm stated that “Microsoft considers these issues low risk” and that the company “has declined to fix the issues.”

Although Microsoft has updated Teams and OneNote to address the entitlement issue, the other apps still appear to contain the vulnerability.

Microsoft has yet to publicly address the issue or appear to prioritize a fix, so you’ll have to be careful. Don’t let unknown people access your Mac, and don’t plug in suspicious devices like USB drives. Keep an eye out for security updates and security patches, and if you purchased Microsoft Office through the App Store, you could check there for updates.

For its own part, Apple features protections and security patches that are released through macOS updates, and it’s advisable to install them once they become available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.

Stay tuned for additional details as they become available.

Via Macworld and Cisco Talos