Popular Microsoft apps for Mac at risk of code injection attacks

How it works

The scope of the problem hinges on how macOS handles third-party app permissions. Usually, operating systems base these policies on the principles of discretionary access control (DAC), but this provides very limited protection against vulnerable software or malware running with user or root privileges.

Apple therefore goes further, securing access to some resources using a mechanism called Transparency, Consent and Control (TCC), which requires apps to obtain explicit human consent before accessing protected things such as the microphone, camera and so on.

This consent mechanism manifests to the user as a pop-up, which will be familiar to most Mac owners. That decision is then recorded for future reference, and can be changed via the device Privacy & Security settings in future if wanted.

Now, macOS also includes provisions to stop code injection by requiring apps distributed through the App Store to submit to sandboxing, which restricts access to resources that the app explicitly requests through entitlements – some of which are further governed by the user consent pop-up.

As an example, Benvenuto explained, a properly sandboxed app will prompt for camera access only if it has the camera entitlement set to ‘true’. If that entitlement isn’t present, it won’t be allowed, and the user won’t ever see a pop-up.

Notarised apps – those that have been checked by Apple’s scanners for dodgy components – are also required to enable hardened runtime to make them more resistant to code injection.

These apps, which include all the Microsoft ones in scope of the research, that may need to perform higher risk actions such as loading an untrusted library, must declare that intent through their entitlements. In this case, its developers need to set the disable library validation entitlement to ‘true’.

All together, these features are supposed to work together to provide enhanced protection for Mac users, However, if an attacker is able to inject a malicious code library into the process space of a running application, said library can then use all the permissions that have been granted to it.

So, as demonstrated by the research, the Microsoft apps in scope become vulnerable if they load a library that a threat actor compromised.

Responsible handling

Benvenuto said that to be truly effective – and secure – Apple’s model depends on applications responsibly handling their permissions.

“MacOS trusts applications to self-police their permissions. A failure in this responsibility leads to a breach of the entire permission model, with applications inadvertently acting as proxies for unauthorised actions, circumventing TCC and compromising the system's security model. This highlights the importance for applications to implement robust security measures to avoid becoming vectors for exploitation.”

Benvenuto went on to state that the Microsoft apps appear to be using the library validation entitlement to support plug-ins, which should mean plug-ins signed by third-party developers but in this instance, really seems to refer only to Microsoft’s own Office add-ins. He said this raised further questions about why Microsoft needed to disable library validation at all if no external libraries are expected to turn up.

“By using this entitlement, Microsoft is circumventing the safeguards offered by the hardened runtime, potentially exposing its users to unnecessary risks,” he wrote.

Eight vulnerabilities

The issues described by the Cisco Talos team have been assigned the following designations:

• CVE-2024-39804 in Microsoft PowerPoint;
• CVE-2024-41138 in Microsoft Teams (work or school) com.microsoft.teams2.modulehost.app;
• CVE-2024-41145 in Microsoft Teams (work or school) WebView.app helper app;
• CVE-2024-41159 in Microsoft OneNote;
• CVE-2024-41165 in Microsoft Word;
• CVE-2024-42004 in Microsoft Teams (work or school);
• CVE-2024-42220 in Microsoft Outlook;
• And CVE-2024-43106 in Microsoft Excel.

According to Benvenuto, Microsoft has said it considers these issue to be low risk, and it has supposedly declined to fix some of them because the apps need to allow loading of unsigned libraries to support the Office add-ins.

At the time of writing, both Teams and OneNote have had the problematic entitlement removed and are no longer vulnerable to exploitation. The others remain at risk.