Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

Widely used Microsoft apps for macOS are vulnerable to library injection attacks that let adversaries use the applications’ entitlements to bypass macOS’s strict permission-based security model and controls. Attackers can abuse the vulnerable apps to execute a variety of malicious actions — like surreptitiously sending emails from a user’s account or recording audio and video clips — without the user’s knowledge and without the need for any user interaction. Cisco Talos researchers found eight major Microsoft apps for macOS — Outlook, Teams, PowerPoint, OneNote, Excel, Word, and two other Teams-related components — allow attackers to inject a malicious library into the app’s running processes. “That library could use all the permissions already granted to the process, effectively operating on behalf of the application itself.

Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

20-August-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address