This is the first time a researcher has demonstrated a macro-enabled Microsoft Office exploit working on macOS.
Could a Mac device be hacked with the help of just a Microsoft Office file? Well, a macOS security researcher and former NSA hacker Patrick Wardle has revealed a new vulnerability that allows hackers to gain access to Mac devices through a simple Microsoft Office file. Hackers looking to get through the Mac systems can do so by using Microsoft Office’s ‘macro’ function, Patrick Wardle has assessed.
Microsoft Office apps allow users to use the ‘macro’ function to automate tasks with custom commands. Although earlier reports have been published about exploits exploiting Office features on Windows apps, this is said to be the first time a researcher has demonstrated a macro-enabled exploit working on macOS as well. The exploit is now patched.
The macOS security researcher has explained the ways hackers can exploit to load malicious codes on macOS devices using several breaches and bugs that were present in Microsoft Office. To sidestep the macOS security system, the researcher created a file in age-old ‘SLK’ format. The researcher also created a file whose name began with the character.” This particular file with the malicious code could break the sandbox in Microsoft Office and allow the researcher to access the macOS device. Wardle also released a video showing how Microsoft Excel had used the malicious code to open the Calculator app. The search engineer says this exploit could also be used to access other things.
Apple is yet to comment on the issue of vulnerability of Mac devices revealed by the security research agency, Microsoft has said that the company is in deep discussion with Apple and will provide all the necessary steps needed to eradicate these vulnerabilities. Notably, the flaws in the security systems of Mac devices pointed out by Patrick Wardle has been fixed in the latest version of Microsoft Office for Mac devices– macOS 10.15.3.