Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Multiple vulnerabilities in Microsoft apps on MACOS

D

dmt43

macrumors regular
Original poster
Jul 28, 2023
104
19
This is not a new issue, and I know there are many vulnerabilities popping up all the time, but this has been on my mind. I have MS365 & use Word, Excel all the time on my iPad, Iphone, MAC. https://blog.talosintelligence.com/...r-macos-pave-the-way-to-stealing-permissions/ This is from that article:
  • Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system.
  • An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.
  • Permissions regulate whether an app can access resources such as the microphone, camera, folders, screen recording, user input and more. So if an adversary were to gain access to these, they could potentially leak sensitive information or, in the worst case, escalate privileges.
My concern is that MS isn’t/will not be fixing this and I don’t know how to protect myself. I am not very knowledgeable about MACs, messing with settings worries me bc I do not know what I’m doing (I was way more comfortable with my Windows machine). I had these instructions on checking permissions, don’t recall where I got them nor do I know if they’re right. I don’t know what I’m looking for or what I should change, if anything. Can anyone help me? Maybe I don’t even have to worry about this vulnerability….??? thanks! Donna
  • Go to Settings > Apps > Installed apps to check an app's permissions. Find the app in question, click the three horizontal dots to the right, and select Advanced Options from the pop-up menu to view its active permissions.
  • App permissions are under System Settings -> Privacy & Security, where you can check app permissions on a per permission basis. Nothing will be enabled if you haven’t previously allowed it by accepting a popup.
 
It's not something you should worry about. If someone can replace a library, it means they already have access to your computer usually. Loading third party plugins means loading arbitrary libraries from disk, it's a feature, not a bug (although I don't know if it's a feature that is still used today by Office).

As usual, make sure to avoid installing apps from untrusted sources.

P.S.: is that article written by an AI? It repeats the same concepts 20 times.
 
galad said:
It's not something you should worry about. If someone can replace a library, it means they already have access to your computer usually. Loading third party plugins means loading arbitrary libraries from disk, it's a feature, not a bug (although I don't know if it's a feature that is still used today by Office).

As usual, make sure to avoid installing apps from untrusted sources.

P.S.: is that article written by an AI? It repeats the same concepts 20 times.
Click to expand...
thank you galad! i will check that off my list of worries 🤣 I don’t know if the article was written by AI. This one has a ‘byline’ with the author’s name. I think it should be noted if something is produced by AI, but I doubt that will be the case. Welcome to the new world!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back