Microsoft's decision not to fix eight vulnerabilities in its macOS applications poses significant risks, as these can be exploited to access sensitive data and escalate privileges.
Francesco Benvenuto noted, 'Microsoft considers these issues low risk, claiming that some applications need to allow loading of unsigned libraries for plugin support, which explains their reluctance to fix the vulnerabilities.'
Apple's TCC (Transparency, Consent, and Control) framework operates on an entitlement basis: developers enable the entitlements their app needs, and the user is prompted for consent when the app accesses sensitive resources such as the camera and microphone, which keeps that access transparent.
Talos suggests that once user permissions are granted through the macOS system settings, they remain active unless manually altered, and attackers could abuse those standing permissions by leveraging these app vulnerabilities.
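The risk described above comes from a combination: an app that may load unsigned libraries and also holds entitlements for TCC-protected resources. The following audit sketch is an added example, not code from Talos or Microsoft; it assumes each app's entitlements have been exported as a plist (for instance with `codesign -d --entitlements`), uses Apple's documented entitlement keys, which the page itself does not quote, and runs on constructed sample data with hypothetical app names.

```python
import plistlib

# Apple's documented entitlement keys (not quoted on the page).
DISABLE_LIBRARY_VALIDATION = "com.apple.security.cs.disable-library-validation"
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}


def audit_entitlements(plist_bytes):
    """Return (risky, resources) for one app's entitlements plist.

    risky is True only when the app can load libraries that are not
    signed by Apple or the same team AND it holds entitlements for
    TCC-protected resources, so injected code would inherit that access.
    """
    ents = plistlib.loads(plist_bytes)
    loads_unsigned = ents.get(DISABLE_LIBRARY_VALIDATION) is True
    resources = sorted(n for k, n in SENSITIVE.items() if ents.get(k) is True)
    return (loads_unsigned and bool(resources), resources)


def audit_all(apps):
    """Map of app name -> resources, for apps with the risky combination."""
    findings = {}
    for name, plist_bytes in apps.items():
        risky, resources = audit_entitlements(plist_bytes)
        if risky:
            findings[name] = resources
    return findings


# Constructed sample entitlements; app names are hypothetical.
SAMPLE_APPS = {
    "ExampleChat.app": plistlib.dumps({
        DISABLE_LIBRARY_VALIDATION: True,
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
    }),
    "ExampleNotes.app": plistlib.dumps({
        "com.apple.security.device.camera": True,
    }),
    "ExampleEditor.app": plistlib.dumps({
        DISABLE_LIBRARY_VALIDATION: True,
    }),
}

if __name__ == "__main__":
    for app, res in audit_all(SAMPLE_APPS).items():
        print(f"{app}: loads unsigned libraries, holds {', '.join(res)}")
```

Apps flagged here are the ones to review in the macOS privacy settings, since permissions already granted to them stay active until changed.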