Regardless of whether you use a Windows computer or a Mac, it’s almost impossible to avoid using Microsoft applications like Word, Excel, Outlook, and Teams. However, on Apple Macs, these applications may be vulnerable to hackers due to an unpatched loophole, allowing them to obtain personal data.
Even worse, Microsoft does not consider this a threat worth fixing.
Cisco Talos, a cybersecurity research group, discovered security vulnerabilities in Excel, OneNote, Outlook, PowerPoint, Teams, and Word, which allow hackers to inject malicious code into these applications, thereby gaining access to personal information.
Researchers pointed out, “We found eight security vulnerabilities in multiple Microsoft applications on macOS. Through these vulnerabilities, hackers can exploit existing application permissions, bypassing the operating system’s permission control mechanism without needing user consent again.”
For example, hackers could design malware to secretly read your emails or monitor your internet activity. However, Microsoft sees these security vulnerabilities as “low risk” and refuses to patch certain vulnerabilities in its applications.
“Microsoft considers these issues low risk. They argue that some applications need to allow loading unsigned libraries to support plugin functionality, and hence have decided not to fix these issues,” stated the Cisco Talos research team.
While Microsoft has updated the Teams and OneNote applications on macOS to change how they handle database validation permissions, Excel, PowerPoint, Word, and Outlook remain vulnerable to attacks.
According to Fox News, in this scenario, there is little one can do to protect themselves unless Microsoft patches the vulnerabilities. However, here are some steps that can be taken to mitigate the risks as much as possible.
1. Keep applications updated: Regularly check and update your Microsoft applications through the Mac App Store or Microsoft AutoUpdate tool. While not every security vulnerability may be patched, these updates often contain critical security patches that help reduce the risk of malicious attacks.
2. Limit permissions: Go to macOS settings and review the permissions granted to Microsoft applications. Unless absolutely necessary, disable permissions for accessing sensitive data such as camera, microphone, contacts, and calendar. Here are the steps:
Click on the Apple menu in the top right corner of the screen and select “System Preferences.”
In the System Preferences window, scroll down and choose “Privacy & Security” from the sidebar.
In the Privacy & Security section, you will see various categories including camera, microphone, contacts, and calendar. Click on these categories to check which applications have permission to use them.
If you feel that authorization is unnecessary, uncheck to revoke their permission. For instance, if you rarely use the camera function in Teams, you can revoke its permission.
For each category, locate the Microsoft applications (such as Microsoft Teams, Outlook), and unless necessary, uncheck to revoke their permission.
Close the System Preferences window to save the changes made. Unless you authorize them again in the future, the applications will not have access to the specified data.
These steps help ensure that the use of sensitive data by Microsoft applications on macOS is restricted, thereby enhancing privacy protection and security.
3. Consider alternatives: If security is a concern, consider using Apple’s alternative office software that is less vulnerable to these loopholes, such as Pages, Numbers, and Keynote. These are designed for macOS and offer robust security features. These applications can respectively replace Word, Excel, and PowerPoint.