Security experts have warned millions of Apple Mac users that hackers could use apps to spy on sensitive information.
Cybersecurity group Cisco Talos has discovered a total of eight vulnerabilities in several Microsoft applications, including Teams, Outlook, Word, and PowerPoint, that could allow hackers to access your computer.
Apple users are warned that hackers are inserting malicious code into apps, allowing them to hijack user permissions that give apps access to the microphone and camera.
Although macOS systems have security measures in place to protect users, hackers can inject malicious code using malware designed to gain unauthorized access to the device.
The vulnerabilities were disclosed in Microsoft's macOS apps, which rely on the macOS "Transparency, Consent, and Control" (TCC) framework to manage users' permissions for access to location services, photos, folders, and screen recording.
Cisco Talos found that the TCC framework gives attackers a significant gateway to compromise application permissions and take control of the device.
If hackers are able to achieve their goal through Microsoft applications, they can send emails from users’ accounts without them noticing, as well as take photos and record audio and video clips. They can also leak sensitive information and access other personal data.
“All applications except Excel have the ability to record audio, and some can even access the camera,” Cisco Talos reported.
“The cases we have uncovered do not pose a significant security risk, as the technique described requires the attacker to already have some level of access to the system,” a Microsoft spokesperson told the Daily Mail. “However, we have implemented several updates to further protect against this. Customers should update their software and review app permissions regularly.”
Cisco Talos explained that Microsoft has updated the Teams and OneNote apps on macOS, but has not updated the verification requirements on Excel, PowerPoint, Word, and Outlook.
The company warned that this could allow hackers to "exploit all app rights, and reuse all permissions already granted to the app, without any prompts from the user."