Microsoft Office Exploit Used to Hack macOS Devices, Fix Released

Apple and Microsoft have fixed the flaw in macOS 10.15.3 and the latest version of Office on Mac, respectively.

Advertisement
By Tasneem Akolawala | Updated: 6 August 2020 18:58 IST
Highlights
  • Microsoft Office SLK format is used to sidestep the macOS security system
  • Former NSA hacker Patrick Wardle was able to discover this exploit
  • Apple has offered no response to Wardle’s reports of the new flaw
Microsoft Office Exploit Used to Hack macOS Devices, Fix Released

Researcher used the age-old SLK format to perform the exploit

macOS security researcher and former NSA hacker Patrick Wardle has discovered a new vulnerability that would have allowed a hacker to take control of a Mac device by using a simple Microsoft Office file. The researcher discovered that hackers could easily misuse the ‘macro' feature in Microsoft Office to take control of devices. Microsoft Office apps allow users to automate tasks with custom commands using the ‘macro' feature. While hacks exploiting Office features on Windows devices have been reported earlier, this is said to be the first time that a researcher has demonstrated a macro-enabled exploit working on macOS as well. The exploit has now been patched.

In a blog post, the security researcher explained using several breaches and bugs that were present in Microsoft Office to inject the malicious code on macOS devices. The researcher created a file in the age-old ‘SLK' format to sidestep the macOS security system. The researcher also created a file whose name started with the ‘$' character. This particular file with the malicious code was able to break the Microsoft Office sandbox and enable the researcher to access the macOS device. Wardle even published a video showing off how the malicious code was used to open the Calculator app through Microsoft Excel. The searcher says that this exploit could be used to access other things as well.

For the exploit to work, the ‘macro' feature has to be enabled by the user for its Microsoft Office apps. The researcher points that Microsoft Office asks users if they really want to enable the ‘automated task' feature, and users who don't look at system alerts and just click on any option to rush through dialog boxes, are often more prone to harm than others. “Humans are impatient, exploits don't have to be,” the researcher told Vice.

While Apple did not respond to Wardle's report of the newly discovered flaw, a Microsoft spokesperson told the publication, “The company has investigated and determined that any application, even when sandboxed, is vulnerable to misuse of these APIs. We are in regular discussion with Apple to identify solutions to these issues and support as needed.” Furthermore, Apple and Microsoft have fixed the flaw in macOS 10.15.3 and the latest version of Microsoft Office on Mac, respectively.

WWDC 2020 had a lot of exciting announcements from Apple, but which are the best iOS 14 features for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apple, Microsoft, Microsoft Office, macOS
Canon Hit by Maze Ransomware Attack, Image.Canon Service Down: Report
Oppo A52 8GB RAM Variant Launched in India as a Part of Amazon Prime Day 2020 Sale
Advertisement

Related Stories

Made in India iPhones Will Still Be Cheaper in the US, Even With Donald Trump's 25 Percent Tariff: GTRI Report
24 May 2025
Xiaomi Surpasses Apple to Lead Wearables Market in Q1 2025 With 19 Percent Market Share: Canalys
24 May 2025
Trump Threatens 25 Percent Tariffs on Apple If iPhones Not Made in US
23 May 2025
iPhone 16 Pro Max, iPhone 15, MacBook Air (M4) and More Get Discounts During Vijay Sales Apple Days Sale
23 May 2025
Apple Stores Said to Be Opened in Mumbai and Bengaluru as Apple Eyes Retail Expansion
23 May 2025

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme GT 7 Series: Launch Date, Expected Price in India and More
  2. Vivo X200 FE Reportedly Listed on BIS, IMDA Websites Ahead of Launch
  3. Xiaomi Surpasses Apple to Lead Wearables Market in Q1 2025: Canalys
#Latest Stories
  1. X Restores Access After Thousands of Users Report X Website and App Not Working
  2. Made in India iPhones Will Still Be Cheaper in the US, Even With Donald Trump's 25 Percent Tariff: GTRI Report
  3. Xiaomi Surpasses Apple to Lead Wearables Market in Q1 2025 With 19 Percent Market Share: Canalys
  4. Vivo X200 FE Reportedly Listed on BIS, IMDA Certification Websites Ahead of Anticipated Launch in India
  5. Oracle Said to Buy $40 Billion of Nvidia Chips for OpenAI's US Data Center
  6. Trump Threatens 25 Percent Tariffs on Apple If iPhones Not Made in US
  7. iPhone 16 Pro Max, iPhone 15, MacBook Air (M4) and More Get Discounts During Vijay Sales Apple Days Sale
  8. Anthropic CEO Dario Amodei Says AI Models Hallucinate Less Than Humans: Report
  9. UK Government Updates Crypto Reporting Guidelines, Mandates Collection of Crypto Transaction Data
  10. Acer Swift Neo WIth Intel Core Ultra 5, Up to 32GB RAM Launched in India: Price, Specifications
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.