Urgent Warning for Apple Users: Hackers Exploiting Microsoft Apps for Espionage

Security experts are urging Apple users to bolster their defenses after discovering that hackers are leveraging Microsoft applications to spy on individuals.

Cisco Talos, a cybersecurity group, identified eight vulnerabilities in several Microsoft applications—Teams, Outlook, Word, and PowerPoint—this week. These flaws could potentially grant cybercriminals unauthorized access to your computer.

The vulnerabilities allow hackers to inject malicious code into these apps, thereby gaining control over user permissions for the microphone and camera. Although macOS includes security measures to safeguard users from malicious activities, these measures can be bypassed by malware designed to gain unauthorized access.

The vulnerabilities were found within Microsoft’s macOS applications that use the Transparency Consent and Control (TCC) framework to manage permissions for accessing location services, photos, folders, and screen recordings. Cisco Talos revealed that this framework could allow hackers to steal app permissions and take control of devices.

If attackers exploit these vulnerabilities, they could send emails from users’ accounts unnoticed, capture photos, and record audio and video. They may also leak sensitive information or escalate their privileges to access other personal data and system features.

Cisco Talos noted, “We have identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system permissions model using existing application permissions without requiring the user to provide any additional verification.”

For those concerned about how hackers might access a camera or microphone through apps like Word, which typically don’t require such access, Cisco Talos explained that “all applications, except Excel, have the ability to record audio, and some can even access your camera.”

Reports suggest that malicious actors are exploiting macOS permissions to secretly record video or audio without users’ knowledge. MacOS permissions control which data apps can access, and users can grant or deny these permissions through the settings.

After installing an app, users often receive a notification requesting permission to read, modify, or delete files, access photos and videos, track location, and record media.

The default security policy of macOS offers minimal protection against malware installed without explicit user consent. The vulnerabilities are related to potential library injections, which macOS attempts to guard against using the Hardened Runtime—a system intended to prevent the installation of malicious code.

Cisco Talos claimed that Microsoft had disabled certain features of the Hardened Runtime to allow third-party integrations, such as social media share buttons and contact forms. Cisco Talos questioned the necessity of disabling library validation, suggesting that Microsoft’s approach might expose users to unnecessary risks.

A Microsoft spokesperson responded, “The reported cases do not pose a significant security risk as the technique requires the attacker to have some level of system access. However, we have implemented several updates to enhance protection, as detailed in the report. Users should update their software and regularly review app permissions.”

Cisco Talos reported that while Microsoft has updated Teams and OneNote on macOS, it has not yet updated verification requirements for Excel, PowerPoint, Word, and Outlook. The company warned that by leaving these vulnerabilities unaddressed, Microsoft is allowing hackers to exploit all app permissions and act as permission brokers for attackers.