Using reputable brands of trusted software on the best MacBooks reduces the likelihood of encountering hackers However, this is not always the case, as security flaws in common software can be exploited by hackers in their attacks
As reported by The Record, security researchers at Cisco Talos found eight new vulnerabilities in one of the most popular software suites: Microsoft Office If exploited by an attacker, these flaws in Word, Excel, PowerPoint, OneNote, Outlook, and even Microsoft Teams could be used to gain access to a Mac's microphone, camera, folders, etc
Here are the vulnerabilities that Microsoft has fixed so far, as well as tips and tricks to protect your Mac and your data from hackers
Having a serious flaw in popular software like Microsoft Office may sound alarming, but fortunately, hackers can only use these vulnerabilities for attacks if potential victims have given these apps specific permissions in advance only if they have been given them
In a blog post, Cisco Talos researchers explain that for this attack to work, Mac users must have given the apps comprising Microsoft Office and Microsoft Teams permission to access device resources If so, however, hackers could gain unauthorized access to the Mac's microphone and camera and secretly record audio and video without its knowledge They could also record the victim's screen and typed keystrokes
All eight of these vulnerabilities are related to a technique known as library injection, which macOS defends against using Apple's Hardened Runtime This restricts the loading of dangerous libraries that may contain malicious code or malware
Because this security feature can prevent some apps from working as intended, Apple offers a workaround that developers can use by adding an entitlement to certain apps that allows them to disable certain protections This ensures that the app works as it should, but these additional entitlements can also be exploited by hackers
In the case of Microsoft, app entitlements allow plug-ins signed by third-party developers to be loaded However, as Cisco noted in its study on the issue, the only such plug-ins available for the software giant's macOS apps are web-based “Office add-ins”
Microsoft has already updated its Teams and OneNote apps for macOS despite classifying these vulnerabilities as low risk However, Excel, Outlook, PowerPoint, and Word have not yet been patched
Normally, we would warn you about downloading dangerous apps and files, but in this case, even if you are paying close attention online, you may still be at risk Therefore, the best and easiest way to protect yourself from attacks that take advantage of these vulnerabilities is to keep your Mac and the software on it updated
Software updates can certainly be annoying, but hackers often prey on users with outdated applications, so routinely checking for new updates and installing them as soon as they become available is an extra time worth it However, since Microsoft has yet to update its most popular Office apps, there are a few other steps you can take in the meantime
Macs have built-in security software called XProtect, but you should also consider using one of the best Mac antivirus software solutions along with it Paid antivirus software is updated more regularly to protect you from the latest threats and often comes with additional permissions like VPNs and password managers to help keep you even more secure online
We have asked Microsoft for comment on these vulnerabilities and will update this article when we hear back Until then, however, we want to make sure our Microsoft apps are up-to-date and install patches as soon as possible when they are available
Comments