Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros

A new "zero-click" macOS exploit chain could allow attackers to deliver malware to macOS users using a Microsoft Office document with macros.
The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without the alert or prompt that the Microsoft Office application normally shows to request explicit user approval, meaning that when a user opens the document, the macro is automatically executed.
Apple patched the flaws with the release of macOS 10.15.3, but told Wardle "This issue does not qualify for a CVE." Microsoft, meanwhile, told Wardle that the exploit chain was an issue "on the Apple side."
Microsoft also debuted a feature that sandboxed more recent versions of Microsoft Office applications that are running on modern versions of macOS, so even if macros are inadvertently allowed to run, they will find themselves running in a highly restrictive sandbox.
What this exploit chain means for an end user is that if they receive a Microsoft Office document and attempt to open it, the executable will automatically run: "Triggered by simply opening a malicious Office document, no alerts, prompts nor other user interactions were required in order to persistently infect even a fully-patched macOS Catalina system," Wardle said.
News URL
https://threatpost.com/black-hat-zero-click-macos-exploit-chain-microsoft-office-macros/158112/