Urgent warning to Apple users about hackers using Microsoft apps to spy on them

Security experts are warning millions of Apple Mac users to protect themselves after discovering that hackers can use apps to spy on people.

Cybersecurity group Cisco Talos discovered eight vulnerabilities this week in various Microsoft apps, including Teams, Outlook, Word and PowerPoint, that could allow cybercriminals to gain access to your computer.

The company warned Apple users that hackers are injecting malicious code into the apps, allowing them to take over user-granted permissions that give the apps access to the microphone and camera.

Although Apple’s macOS systems have security measures in place to protect users from malicious actors, they can still inject malicious code using malware, which is software designed to gain unauthorized access to a device.

Security experts are warning millions of Apple users to protect themselves after discovering hackers can use Microsoft apps to spy on people

The vulnerability was discovered in Microsoft macOS apps that use Transparency Consent and Control (TCC) to manage user permissions to access location services, photos, folders, and screenshots.

Cisco Talos discovered that the TCC framework provides a gateway for hackers to steal app permissions and take over the device.

If hackers were to gain access through Microsoft’s apps, they could unknowingly send emails from users’ accounts, as well as take photos and record audio and video clips.

They can also leak sensitive information or escalate privileges, gaining access to other personal data and system privileges.

“We have identified eight vulnerabilities in various Microsoft applications for macOS that could allow an attacker to bypass the operating system’s permission model by leveraging existing app permissions without prompting the user for additional authentication,” Cisco Talos reported.

For those wondering how hackers can gain access to the camera or microphone through apps like Word, which normally don’t require cameras, the group explains that “all apps except Excel have the ability to record audio. Some even have access to the camera.”

According to reports, attackers are abusing macOS permission settings to secretly record video or audio without the user’s knowledge.

Permissions determine what data apps on a user’s mobile device can access. You can allow or deny access and change your preferences in settings.

After an app is downloaded, a notification is typically sent to the user requesting permission to read, modify, or delete files, photos, and videos, track the user’s location, and take photos and videos.

MacOS’s default security policy provides users with minimal protection against malware installed without the user’s explicit consent.

The vulnerabilities are all related to potential library injections that macOS attempts to protect users against using Hardened Runtime, a system that is intended to prevent hackers from downloading malicious code onto the system.

However, Cisco Talos claims that Microsoft disabled some features of the Hardened Runtime so that third-party companies could add social media sharing buttons, contact forms, and other analytics tools.

If hackers gained access through Microsoft’s apps, they could send emails from users’ accounts, including Teams, Outlook, Word and PowerPoint, without them realizing it. They could also take photos and record audio and video clips.

If hackers gained access through Microsoft’s apps, they could send emails from users’ accounts, including Teams, Outlook, Word and PowerPoint, without them realizing it. They could also take photos and record audio and video clips.

Despite Microsoft’s claims that it is absolutely necessary to grant third-party access to user permissions, Cisco Talos reported that this is not necessary because “to our knowledge, the only ‘plug-ins’ available for Microsoft’s macOS apps are web-based and known as ‘Office Add-ins.'”

“If this belief is correct, it raises questions about the need to disable library validation, especially if no additional libraries are being loaded,” Cisco Talos continues.

‘By using this privilege, Microsoft bypasses the protections provided by the enhanced runtime, potentially exposing users to unnecessary risk.’

A Microsoft spokesperson told DailyMail.com: ‘The publicly disclosed cases do not pose a significant security risk as the technique described requires the attacker to already have some level of access to the system.

“However, we have implemented several updates for additional protection, as detailed in the report. As a best practice, customers should keep their software up to date and regularly review application permissions.”

Cisco Talos reported that Microsoft has updated the Teams and OneNote apps on macOS, but has not updated the validation requirements for Excel, PowerPoint, Word, and Outlook.

The company warned that Microsoft is giving hackers the ability to “abuse all permissions of the apps and, without prompting the user, re-use any permissions already granted to the app. In this way, Microsoft effectively acts as a permission broker for the attacker.”

DailyMail.com has reached out to Microsoft for comment.