Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
“If successful, the adversary could gain any privileges already granted to the affected Microsoft applications,” Cisco Talos said. “For example, the attacker could send emails from the user account without the user noticing, record audio clips, take pictures, or record videos without any user interaction.”
The shortcomings span various applications such as Outlook, Teams, Word, Excel PowerPoint, and OneNote.
Leave a reply