How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system.
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft’s applications to gain their entitlements and user-granted permissions.
Permissions regulate whether an app can access resources such as the microphone, camera, folders, screen recording, user input and more. So if an adversary were to gain access to these, they could potentially leak sensitive information or, in the worst case, escalate privileges.
This post also provides an overview of the macOS security model and illustrates how vulnerabilities within macOS applications could be exploited by adversaries to steal app permissions…
TALOS-2024-1972 CVE-2024-42220 Microsoft Outlook
TALOS-2024-1973 CVE-2024-42004 Microsoft Teams (work or school)
TALOS-2024-1974 CVE-2024-39804 Microsoft PowerPoint
TALOS-2024-1975 CVE-2024-41159 Microsoft OneNote
TALOS-2024-1976 CVE-2024-43106 Microsoft Excel
TALOS-2024-1977 CVE-2024-41165 Microsoft Word
TALOS-2024-1990 CVE-2024-41145 Microsoft Teams (work or school) WebView.app helper app
TALOS-2024-1991 CVE-2024-41138 Microsoft Teams (work or school) com.microsoft.teams2.modulehost.app…
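
A defensive check for the kind of exposure described above, as an added example that is not code from Talos or Microsoft: it reads an app's entitlements plist (as extracted with `codesign -d --entitlements`) and flags apps that both relax library loading and hold resource entitlements an injected library would inherit. The entitlement keys are Apple-documented ones; this page does not state which entitlement each advisory involves, and the app names and plists below are constructed samples.

```python
import plistlib

# Apple-documented hardened-runtime exceptions that relax what code a process may load.
LOAD_RELAXATIONS = {
    "com.apple.security.cs.disable-library-validation":
        "may load libraries not signed by Apple or the app's own team",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_* environment variables when loading libraries",
}
# Apple-documented resource entitlements (a subset) that an injected library would inherit.
RESOURCES = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.location": "location",
}

def audit_entitlements(plist_bytes):
    """Return load relaxations, inheritable resources and a review flag for one app."""
    ents = plistlib.loads(plist_bytes)
    # Only a boolean true grants an entitlement; a key present but false does not.
    granted = {key for key, value in ents.items() if value is True}
    relaxed = sorted(key for key in LOAD_RELAXATIONS if key in granted)
    resources = sorted(RESOURCES[key] for key in RESOURCES if key in granted)
    return {"relaxed": relaxed, "resources": resources,
            "review": bool(relaxed and resources)}

def make_plist(entries):
    """Serialise a constructed entitlements dictionary as an XML plist."""
    return plistlib.dumps(entries, fmt=plistlib.FMT_XML)

# Constructed samples: hypothetical apps, not the entitlements of any real product.
SAMPLES = {
    "ExampleChat.app": make_plist({
        "com.apple.security.cs.disable-library-validation": True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True}),
    "ExampleNotes.app": make_plist({"com.apple.security.device.camera": True}),
    "ExampleMail.app": make_plist({
        "com.apple.security.cs.disable-library-validation": False,
        "com.apple.security.personal-information.addressbook": True}),
}

def apps_needing_review(samples=SAMPLES):
    """Names of apps whose entitlements combine a load relaxation with a resource."""
    return sorted(name for name, data in samples.items()
                  if audit_entitlements(data)["review"])

if __name__ == "__main__":
    for name in apps_needing_review():
        print(name, audit_entitlements(SAMPLES[name]))
```

The check covers entitlements embedded in the code signature only; permissions the user granted at runtime are stored separately by the system and are not visible in this plist.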