Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros
A new "zero-click" macOS exploit chain could allow attackers to deliver malware to macOS users using a Microsoft Office document with macros.
The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without the alert or prompt that the Microsoft Office application normally displays to request explicit user approval, meaning that when a user opens the document, the macro is automatically executed.
Apple patched the flaws with the release of macOS 10.15.3, but told Wardle, "This issue does not qualify for a CVE." Microsoft, meanwhile, told Wardle that the exploit chain was an issue "on the Apple side."
Microsoft also debuted a feature that sandboxed more recent versions of Microsoft Office applications that are running on modern versions of macOS - so even if macros are inadvertently allowed to run, they will find themselves running in a highly restrictive sandbox.
What this exploit chain means for an end user is that if they receive a Microsoft Office document and attempt to open it, the executable will automatically run: "Triggered by simply opening a malicious Office document, no alerts, prompts nor other user interactions were required in order to persistently infect even a fully-patched macOS Catalina system," Wardle said.
News URL
https://threatpost.com/black-hat-zero-click-macos-exploit-chain-microsoft-office-macros/158112/