What the researchers said
Francesco Benvenuto, Sr. Vulnerability Researcher with Cisco Talos, wrote:
“Microsoft appears to use the com.apple.security.cs.disable-library-validation entitlement for certain apps to support some kind of ‘plug-ins.’ According to Apple, this entitlement allows the loading of plug-ins signed by third-party developers. Yet, as far as we know, the only ‘plug-ins’ available to Microsoft’s macOS apps are web-based and known as ‘Office add-ins.’
“If this understanding is correct, it raises questions about the necessity of disabling library validation, especially if no additional libraries are expected to be loaded. By using this entitlement, Microsoft is circumventing the safeguards offered by the hardened runtime, potentially exposing its users to unnecessary risks.”
What experts say
Michael Covington, Jamf VP of strategy, describes the third-party plug-in support Microsoft has used as a weakness in Apple’s own security.
“This is a noteworthy flaw in apps that naturally require permissions to Apple’s controlled resources, like the camera or microphone, because users are inclined to grant such permissions to collaboration tools like Microsoft Teams or logging tools like OneNote. Fortunately, Microsoft agreed to update these applications,” he told The Channel Company.
