Mac Security Bypassed by Microsoft Office Applications

Microsoft Office apps circumvent Mac security

Insights from the Study

Francesco Benvenuto, Senior Researcher focusing on Vulnerabilities at Cisco Talos, expressed the following perspectives:

“Microsoft seems to leverage the entitlement `com.apple.security.cs.disable-library-validation` for specific applications to facilitate certain types of ‘extensions’. As detailed by Apple, this entitlement permits the loading of third-party signed extensions. However, to our knowledge, the only extensions accessible to Microsoft’s macOS applications are web-based, known as ‘Office add-ins.’

“If our interpretation is accurate, it prompts inquiries regarding the justification for disabling library validation, especially if no further libraries are anticipated to be loaded. By utilizing this entitlement, Microsoft is evading the protections provided by the fortified runtime, potentially subjecting its users to avoidable vulnerabilities.”

Insights from Professionals

Michael Covington, Vice President of Strategy at Jamf, characterized the support for third-party extensions utilized by Microsoft as a vulnerability within Apple’s security framework.

“This represents a significant weakness in applications that inherently necessitate authorizations to Apple’s regulated features, such as the camera or microphone, as users are predisposed to authorize such features for collaboration platforms like Microsoft Teams or note-taking utilities like OneNote. Fortunately, Microsoft has pledged to enhance these applications,” as conveyed to The Channel Company.
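
A defender-side check for the entitlement discussed above, as an added example (not code from Talos, Jamf or the original article): it parses the entitlements plist that `codesign -d --entitlements - --xml <app>` prints and flags apps that disable library validation, ranking higher those that also hold camera or microphone entitlements. The app names and sample plists are constructed, and the two `com.apple.security.device.*` keys are Apple's hardened-runtime resource entitlements, which the article does not name.

```python
import plistlib

# Entitlement named in the article.
DISABLE_LV = "com.apple.security.cs.disable-library-validation"
# Assumption: Apple's hardened-runtime resource entitlements for the
# camera and microphone access the article mentions (keys not on the page).
CAMERA = "com.apple.security.device.camera"
MICROPHONE = "com.apple.security.device.audio-input"
SENSITIVE = {CAMERA: "camera", MICROPHONE: "microphone"}


def audit_entitlements(xml_bytes):
    """Return (severity, reasons) for one app's entitlements plist."""
    # Unsigned or unentitled binaries produce no plist at all.
    ents = plistlib.loads(xml_bytes) if xml_bytes.strip() else {}
    if not isinstance(ents, dict):
        ents = {}
    # Only a boolean true grants an entitlement; absent or false does not.
    if ents.get(DISABLE_LV) is not True:
        return "ok", []
    reasons = ["library validation disabled: libraries not signed by "
               "Apple or the app's own Team ID can be loaded"]
    exposed = [name for key, name in SENSITIVE.items() if ents.get(key) is True]
    if exposed:
        reasons.append("code loaded into the process runs with its "
                       "access to: " + ", ".join(exposed))
        return "high", reasons
    return "review", reasons


# Constructed inputs: hypothetical apps, not real entitlement dumps.
SAMPLES = {
    "CollabApp": plistlib.dumps({DISABLE_LV: True, CAMERA: True, MICROPHONE: True}),
    "NotesApp": plistlib.dumps({DISABLE_LV: True}),
    "ExplicitFalse": plistlib.dumps({DISABLE_LV: False, CAMERA: True}),
    "HardenedApp": plistlib.dumps({CAMERA: True}),
    "Unentitled": b"",
}


def audit_all(samples):
    """Map app name -> severity for a dict of name -> plist bytes."""
    return {name: audit_entitlements(data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        severity, reasons = audit_entitlements(data)
        print(f"{name}: {severity}")
        for reason in reasons:
            print(f"  - {reason}")
```
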
