Microsoft Office, Teams Vulnerabilities Enable Hackers to Access Camera and Microphone on macOS: Report

Microsoft has patched two out of eight applications on macOS, while other affected apps remain vulnerable to the security flaw.

Advertisement
Written by David Delima | Updated: 20 August 2024 12:13 IST
Highlights
  • Microsoft apps including Teams, OneNote vulnerable to library injection
  • Hackers can use this to access permissions granted to legitimate apps
  • Microsoft is yet to issue fixes for the vulnerabilities on some apps
Microsoft Office, Teams Vulnerabilities Enable Hackers to Access Camera and Microphone on macOS: Report

Microsoft Outlook is one of the company's applications affected by the flaws on macOS

Photo Credit: Microsoft

A cybersecurity group has discovered multiple vulnerabilities in apps developed by Microsoft for macOS that allowed hackers to target users. The security flaws affect apps such as Microsoft Office, Outlook, Teams, OneNote and other apps from the Redmond firm, and hackers were able to access a user's camera and microphone by misusing Apple's permission framework on its desktop operating system.. While Microsoft has issued fixes for two of its applications on macOS, its other apps are still vulnerable to attackers.

Microsoft App Vulnerabilities Let Hackers Access Camera, Microphone Without Permissions

Cybersecurity group Cisco Talos revealed details of eight vulnerabilities spotted in Microsoft's apps for macOS in a blog post. These flaws allowed hackers to inject specially crafted malicious libraries into six Microsoft apps — Outlook, Teams, PowerPoint, Excel, Word, OneNote — and bypass Apple's permission model on macOS.

How hackers can inject malicious libraries into legitimate apps on macOS
Photo Credit: Cisco Talos

 

In order to gain access to a user's microphone and camera, malicious software would need to be granted explicit user consent for the relevant permissions, in accordance with Apple's Transparency, Consent and Control (TCC) framework on macOS. However. some malicious programs can use a process called library injection (or dylib injection on macOS) to gain access to permissions that were granted to other apps.

Advertisement

As a result, macOS users who had Microsoft's apps installed on their computer could be vulnerable to hacking, according to Cisco Talos. The flaws allowed hackers to record audio by injecting libraries into the aforementioned apps. Microsoft Excel is the only app in the list that doesn't have access to the microphone, while apps such as Microsoft Teams can also access the device's camera.

Advertisement

Microsoft Patches Two Affected Apps, Other Apps Remain Vulnerable

 The cybersecurity group says that it reported the security vulnerabilities to Microsoft, and the firm has since updated two of the affected apps with fixes for the flaws. Users who are running the latest versions of Microsoft Teams and OneNote should not be impacted, but the company's Outlook and Office apps are currently affected by the security flaw.

According to Cisco Talos, Microsoft should not have disabled library validation, as it exposes users to unnecessary risks by bypassing hardened runtime safeguards put in place by Apple on the OS, designed to protect users via TCC and its permission model.

Advertisement

Apple could increase security on macOS by prompting users when a third-party plugin is being loaded into apps, as these apps might have already been granted permissions. This could warn users that these external plugins can access the same permissions granted to the original app. 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Xiaomi Upgrade Days Sale Brings Discounts on These Devices
  2. iQOO Neo 10 First Sale in India Kicks Off Today: Price, Offers and Features
  3. Samsung Asks Galaxy Users to Activate Latest Anti-Theft Features
  4. Exclusive: Huawei Band 10 to Launch in India Priced Under Rs. 5,000
  5. Realme Narzo 80 Lite 5G RAM, Storage and Colour Options Tipped
  6. Realme C73 5G With 6,000mAh Battery Launched in India: See Price
  7. Redmi Pad 2 4G Global Variant Confirmed to Get a 11-Inch 2.5K Display
  8. Tecno Pova Curve 5G: Best Budget Camera Phone Of 2025? Honest Review!
  1. New Dwarf Planet Discovery Challenges Planet Nine Hypothesis
  2. Venus May Be Geologically Active: New Study Reveals Tectonic Processes Shaping Its Surface
  3. Genetic Study Reveals Maya Civilization’s Collapse Was a Reorganization
  4. Brightest Planets in June’s Night Sky: How and When to See Mercury, Venus, Mars and Saturn
  5. Hubble Spots Isolated Barred Spiral Galaxy That’s Secretly Part of a Cosmic Duo
  6. Tourist Family Now Available for Streaming on JioHotstar in Tamil, Telugu and Hindi Languages
  7. Pelli Kani OTT Release Date: When and Where to Watch it Online?
  8. Gajaana Now Streaming on JioHotstar: What You Need to Know About A Mythical Tale of Yali, Forests, and Fate
  9. Samsung Encourages Users to Activate Latest Anti-Theft Features on Galaxy Devices
  10. Fujifilm Instax Mini 41 With Close-Up Mode Launched in India: Price, Specifications
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.