Six popular Microsoft apps for the Mac have security vulnerabilities that could allow a hacker to “gain any privileges already granted to the affected Microsoft applications,” according to a report by Cisco Talos.
The apps affected are Microsoft Excel, OneNote, Outlook, PowerPoint, Teams, and Word. Microsoft runs an entitlement that disables macOS’s hardened runtime, which provides security against Dynamically Linked Library hacks. This can allow a hacker to install malicious software into Microsoft’s apps.
“The attacker could send emails from the user account without the user noticing, record audio clips, take pictures or record videos without any user interaction,” according to Cisco Talos. The security firm stated that “Microsoft considers these issues low risk,” and that the company, “has declined to fix the issues.”
Microsoft has updated Teams and OneNote to address the entitlement issue, but the other apps still have the vulnerability.
How to protect yourself from hackers
Microsoft doesn’t seem willing to prioritize a fix for this issue, so users need to be conscientious. Don’t let unknown people access your Mac, and don’t plug in suspicious devices like USB drives. Check for software updates, since they may include security patches. If you purchased Microsoft Office through the App Store, you could check there for updates.
Apple has protections in place within macOS and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.
Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
