We identified eight vulnerabilities in various Microsoft applications for macOS, through which an attacker could bypass the operating system's permission model by using existing app permissions without prompting the user for any additional verification.
If successful, the adversary could gain any privileges already granted to the affected Microsoft applications. Microsoft considers these issues low risk, and some of their applications need to allow loading of unsigned libraries to support plugins and have declined to fix the issues.
This situation points to a key aspect: macOS trusts applications to self-police their permissions. A failure in this responsibility leads to a breach of trust and potential exploitation.
For instance, if a video chat app with camera and microphone access is exploited, it could be forced to record without alerting the user.
Collection
[
|
...
]