Ex-NSA Hacker Uses Microsoft Office Exploit to Take Control of macOS Devices

4 years ago 148
BOOK THIS SPACE FOR AD
ARTICLE AD

macOS security researcher and former NSA hacker Patrick Wardle has discovered a new vulnerability that would have allowed a hacker to take control of a Mac device by using a simple Microsoft Office file. The researcher discovered that hackers could easily misuse the ‘macro' feature in Microsoft Office to take control of devices. Microsoft Office apps allow users to automate tasks with custom commands using the ‘macro' feature. While hacks exploiting Office features on Windows devices have been reported earlier, this is said to be the first time that a researcher has demonstrated a macro-enabled exploit working on macOS as well. The exploit has now been patched.

In a blog post, the security researcher explained using several breaches and bugs that were present in Microsoft Office to inject the malicious code on macOS devices. The researcher created a file in the age-old ‘SLK' format to sidestep the macOS security system. The researcher also created a file whose name started with the ‘$' character. This particular file with the malicious code was able to break the Microsoft Office sandbox and enable the researcher to access the macOS device. Wardle even published a video showing off how the malicious code was used to open the Calculator app through Microsoft Excel. The searcher says that this exploit could be used to access other things as well.

For the exploit to work, the ‘macro' feature has to be enabled by the user for its Microsoft Office apps. The researcher points that Microsoft Office asks users if they really want to enable the ‘automated task' feature, and users who don't look at system alerts and just click on any option to rush through dialog boxes, are often more prone to harm than others. “Humans are impatient, exploits don't have to be,” the researcher told Vice.

While Apple did not respond to Wardle's report of the newly discovered flaw, a Microsoft spokesperson told the publication, “The company has investigated and determined that any application, even when sandboxed, is vulnerable to misuse of these APIs. We are in regular discussion with Apple to identify solutions to these issues and support as needed.” Furthermore, Apple and Microsoft have fixed the flaw in macOS 10.15.3 and the latest version of Microsoft Office on Mac, respectively.


WWDC 2020 had a lot of exciting announcements from Apple, but which are the best iOS 14 features for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Email Tasneem Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More

Related Stories

Read Entire Article