Pastimes : Computer Learning

From: Zen Dollar Round, 8/20/2024 10:47:24 PM
Microsoft app vulnerabilities

The Register notes a report from Cisco Talos about Microsoft apps that bypass some of Apple’s macOS security systems, enabling potential exploitation by malware.
Multiple flaws in Microsoft macOS apps unpatched despite potential risks

Cisco Talos says eight vulnerabilities in Microsoft’s macOS apps could be abused by nefarious types to record video and sound from a user’s device, access sensitive data, log user input, and escalate privileges. The vulnerabilities exist across Excel, OneNote, Outlook, PowerPoint, Teams, and Word, but Microsoft told Talos it won’t be fixing them. … Despite designating these vulnerabilities low-risk status and refusing to patch them, Microsoft has since updated its Teams apps, and OneNote, removing the entitlement that allowed library injection, essentially mitigating the bugs. The Office apps were left untouched, though, and to Benvenuto remain unnecessarily vulnerable.
Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

Widely used Microsoft apps for macOS are vulnerable to library injection attacks that let adversaries use the applications’ entitlements to bypass macOS’s strict permission-based security model and controls.

Attackers can abuse the vulnerable apps to execute a variety of malicious actions — like surreptitiously sending emails from a user’s account or recording audio and video clips — without the user’s knowledge and without the need for any user interaction.

Researchers from Cisco Talos recently discovered the issues when researching the exploitability of Apple’s Transparency, Consent and Control (TCC) framework for managing and enforcing privacy settings on user data and various system services on macOS systems.

Link: macintouch.com
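
For anyone who wants to audit their own Mac for the condition the quoted articles describe, here is an added example (not part of the original post or of the Talos report) that flags apps whose entitlements relax library loading and lists the privacy-sensitive grants an injected library would inherit. The post does not name the entitlement involved; the keys below are standard Apple entitlement keys chosen for this sketch, and the two sample plists are constructed.

```python
import plistlib

# Real hardened-runtime entitlement keys that relax what code a process may load.
INJECTION_KEYS = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
}
# Real entitlement keys for privacy-sensitive resources; a library loaded into
# the app runs with whatever the host app was granted.
SENSITIVE_KEYS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.automation.apple-events": "apple-events",
}

def audit_entitlements(plist_bytes):
    """Classify one app's entitlements plist (XML or binary format)."""
    ents = plistlib.loads(plist_bytes)
    enabled = {key for key, value in ents.items() if value is True}
    injection = sorted(enabled & INJECTION_KEYS)
    sensitive = sorted(SENSITIVE_KEYS[k] for k in enabled if k in SENSITIVE_KEYS)
    return {
        "injectable": bool(injection),
        "injection_keys": injection,
        # Sensitive grants only matter here when foreign code can be loaded.
        "exposed_if_injected": sensitive if injection else [],
    }

# Constructed samples standing in for the XML that
# `codesign -d --entitlements - --xml <App.app>` prints on a real system.
SAMPLE_RELAXED = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
})
SAMPLE_STRICT = plistlib.dumps({
    "com.apple.security.device.camera": True,
    "com.apple.security.cs.disable-library-validation": False,
})

if __name__ == "__main__":
    for name, blob in (("relaxed", SAMPLE_RELAXED), ("strict", SAMPLE_STRICT)):
        print(name, audit_entitlements(blob))
```
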