Using Microsoft apps on Apple MacBook? Hackers can spy through cameras and mic- Cisco

Using Microsoft apps on Apple MacBook? Hackers can spy through cameras and mic- Cisco

2 months ago | 31 Views

If you are using Microsoft apps on your Apple MacBook then you may need to be worried about spying, warns a new cybersecurity report. Researchers at Cisco Talos, the cybersecurity arm of Cisco, have recently found vulnerabilities in several Microsoft apps for macOS. These can result in major security breaches as cyber criminals may gain unauthorised entry into users' microphone and camera. This can pose a threat to data security and exploitation of personal information at the hands of attackers.

The new blog post by Cisco Talos has shared details about the ways in which the cyber criminals can possibly exploit the security flaws. It also mentioned Microsoft's plan to fix these flaws. 

Security flaws detected on Microsoft app on macOS

According to the cybersecurity firm, it has detected eight security flaws on highly used Microsoft apps such as Teams, Excel, OneNote and Outlook that can be accessed by users on Mac. The cyber criminals can break into users camera and microphone by gaining unauthorised user generated permissions. The macOS follows a Transparency Consent and Control (TCC) policy which takes care of app permissions for granting users access to services such as camera, library photos, location, microphone and so on.  

The TCC approves or disapproves permissions to apps which are entitled to gaining access to these services. If not granted permission, the apps cannot use microphone, camera or any other service on the system. But, the security bug detected by Talos reportedly acquired access to app services by penetrating a malicious software. 

?We identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system's permission model by using existing app permissions without prompting the user for an additional verification,? researchers shared in the blog post.

This means that cyber criminals can exploit users' data in many ways based on the functions of different apps. For instance, the cyber criminal may use video conferencing app Teams for recording audio and video of the interactions. Similarly, the Outlook app can be exploited for sending unauthorized emails.

Microsoft calls security flaws low risk

As per Cisco Talos, Microsoft has labelled the security flaws as ?low risk?. This is because the exploit supports installing unauthorized libraries in order to allow access to the third party.  Microsoft updated the settings of OneNote and Teams apps in terms of gaining handling the access to library entitlements on MacOS after learning about these vulnerabilities. 

But, the apps including Outlook, Excel, Word and PowerPoint remain in the endangered category for a possible attack. 

The researchers also anticipated that recently discovered vulnerabilities may prompt Apple to modify the existing TCC framework for safeguarding the system. The cybersecurity firm has proposed that users should be alerted when they install third party plugins into apps which have got access to permissions.

Read Also: GoPro fires 15% of its employees to reduce operating costs - Details

#