Former NSA hacker Patrick Wardle found a security vulnerability in Microsoft Office for Mac that can let attackers take control of the entire Mac. Wardle was able to gain access to the computer with just a simple Office document containing malicious code.
As reported by Vice, the vulnerability is based on the “macro” feature, which allows users to automate some tasks in Microsoft Office apps with custom commands and instructions. These attacks are common on Windows, but Wardle now demonstrates that something similar is possible on macOS as well.
While the attack requires user interaction to work, Wardle warns that some people might still allow it because they may not understand the risks.
To inject the malicious code, Wardle chained together several flaws and bugs that he found in Microsoft Office apps. He created a file in SLK format to bypass the macOS security system. Since this particular format is used by Microsoft Office, macOS doesn’t ask users if they really want to open the file, even if they have downloaded it from an unknown source.
Security researchers love these ancient file formats because they were created at a time when no one was thinking about security.
By creating a file that starts with the “$” character, malicious code can break out of the Microsoft Office sandbox to access any other part of the operating system. Wardle demonstrates the malicious code by opening the Calculator app without user authorization through Microsoft Excel, but it can be used for other things.
What makes this attack less harmful is that Microsoft Office apps ask users if they really want to enable the macro feature.
However, as Wardle points out, some users don’t read system alerts, and they might click on any option just to skip the dialog box. That’s where hackers expect to get access to at least a few computers. “Humans are impatient, exploits don’t have to be,” he said. Wardle reached out to Apple to report the issue, but the company didn’t provide any response.
It’s just a little frustrating when, you know, again, us as security researchers are basically doing this free security research. And we do it because we believe that we can help increase the security of the ecosystem in the platform for ourselves as Mac users, but also other Mac users.
These vulnerabilities are now fixed in the latest version of Microsoft Office for Mac and macOS Catalina 10.15.3. However, they can still affect users who don’t regularly install software updates. Microsoft told Vice that the company is in constant discussions with Apple to identify and solve problems like the one found by Wardle.