Microsoft Office hack that was used on Mac OS

Mac OS users were shocked by an attack delivered through Microsoft Office files such as Word, Excel, and PowerPoint that have macros embedded in the document files. Users can rest assured, because the bugs were discovered by Patrick Wardle, a security researcher, and were fixed around last week.

The details of the bug can be seen as follows:

CVE ID: CVE-2019-1457
Severity Level: High Severity
Base score: 7.8
CVSS 3.1 Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

As the current [macros-based] attacks are lame… I wanted to make them ‘better’ to raise awareness about this attack vector, and also highlight how it could easily be worse, I found a sandbox escape and a bypass of Apple’s new notarization requirements and combined that with another zero-day (from another researcher) to make a full ‘zero-click’ exploit chain.

Patrick Wardle told Threatpost
Credit: Patrick Wardle

The picture below (credit to Patrick Wardle) shows the flow of the full exploit chain involving Microsoft Office macros. Macros are a must-have function whenever using Microsoft Office, whether on Windows, Linux, or Mac OS.

macOS exploit chain
Credit: Patrick Wardle

Security researchers love these ancient file formats because they were created at a time when no one was thinking about security

Patrick Wardle told Motherboard

For further information on how the exploit for this vulnerability works, Patrick Wardle has shared the findings in his blog post. He also highlighted them during the Black Hat Security Online Conference.

Reference: Security Researcher Shows Off Now-Fixed macOS Hack That Used Microsoft Office, Patrick Wardle’s Blog: Office Drama on macOS