Microsoft Office Exploit Used to Hack macOS Devices, Fix Released

Apple and Microsoft have fixed the flaw in macOS 10.15.3 and the latest version of Office on Mac, respectively.

Microsoft Office Exploit Used to Hack macOS Devices, Fix Released

Researcher used the age-old SLK format to perform the exploit

  • Microsoft Office SLK format is used to sidestep the macOS security system
  • Former NSA hacker Patrick Wardle was able to discover this exploit
  • Apple has offered no response to Wardle’s reports of the new flaw

macOS security researcher and former NSA hacker Patrick Wardle has discovered a new vulnerability that would have allowed a hacker to take control of a Mac device by using a simple Microsoft Office file. The researcher discovered that hackers could easily misuse the ‘macro' feature in Microsoft Office to take control of devices. Microsoft Office apps allow users to automate tasks with custom commands using the ‘macro' feature. While hacks exploiting Office features on Windows devices have been reported earlier, this is said to be the first time that a researcher has demonstrated a macro-enabled exploit working on macOS as well. The exploit has now been patched.

In a blog post, the security researcher explained using several breaches and bugs that were present in Microsoft Office to inject the malicious code on macOS devices. The researcher created a file in the age-old ‘SLK' format to sidestep the macOS security system. The researcher also created a file whose name started with the ‘$' character. This particular file with the malicious code was able to break the Microsoft Office sandbox and enable the researcher to access the macOS device. Wardle even published a video showing off how the malicious code was used to open the Calculator app through Microsoft Excel. The searcher says that this exploit could be used to access other things as well.

For the exploit to work, the ‘macro' feature has to be enabled by the user for its Microsoft Office apps. The researcher points that Microsoft Office asks users if they really want to enable the ‘automated task' feature, and users who don't look at system alerts and just click on any option to rush through dialog boxes, are often more prone to harm than others. “Humans are impatient, exploits don't have to be,” the researcher told Vice.

While Apple did not respond to Wardle's report of the newly discovered flaw, a Microsoft spokesperson told the publication, “The company has investigated and determined that any application, even when sandboxed, is vulnerable to misuse of these APIs. We are in regular discussion with Apple to identify solutions to these issues and support as needed.” Furthermore, Apple and Microsoft have fixed the flaw in macOS 10.15.3 and the latest version of Microsoft Office on Mac, respectively.

WWDC 2020 had a lot of exciting announcements from Apple, but which are the best iOS 14 features for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Apple, Microsoft, Microsoft Office, macOS
Canon Hit by Maze Ransomware Attack, Image.Canon Service Down: Report
Oppo A52 8GB RAM Variant Launched in India as a Part of Amazon Prime Day 2020 Sale
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2022. All rights reserved.