SC Media reports that Microsoft Outlook, Teams, Word, Excel, PowerPoint, and OneNote for macOS were impacted by eight security flaws, which could be utilized to evade available app permissions in the operating system even without further user verification.
Exploitation of the vulnerabilities could provide additional privileges that enable covert email delivery, photo capture, and audio and video recording, according to Cisco Talos researchers, who identified and reported the issues to Microsoft.
While Microsoft refused to remediate the "low risk" bugs, such flaws — which significantly increase the risk of malicious code injection, data exfiltration, and surveillance — should prompt organizations to focus on robust access controls, app permission restrictions, and app updates, said Salt Security Director of Cybersecurity Strategy Eric Schwake.
Sectigo Vice President of Product Jason Soroko also noted such issues, highlighting the importance of Microsoft app permission and entitlement evaluation among security teams, as well as coordination between software vendors and Apple.