Researchers discovered eight vulnerabilities in Microsoft applications for macOS, including Teams, Outlook, and Word, that could allow attackers to gain access to users’ microphones, cameras, and more. The vulnerabilities exploit permissions previously granted to the apps, enabling malicious actors to record video or audio without the user’s knowledge.
According to Cisco Talos, these issues arise from Microsoft’s unnecessary disabling of certain protections within macOS’s Hardened Runtime. While Microsoft has updated Teams and OneNote to remove the vulnerabilities, other apps like Excel and PowerPoint remain at risk. This oversight potentially exposes users to significant security threats.