Of course, they are blaming Microsoft, even though Office files with macros have been a pretty bog-standard attack vector for decades.
The latest one shared by security researcher Patrick Wardle has since been fixed. But it meant that a Mac user could potentially be infected just by opening a Microsoft Office file that has a bad macro in it.
“Apple fixed the exploit that Wardle used in macOS 10.15.3, so that particular vulnerability is no longer available for hackers to use, but it offers an interesting look at an emerging method of attack that we could see more of in the future”, said a gobsmacked Apple Insider.
But the story is amusing as it required a really old Windows Office format to deliver the macro.
"Security researchers love these ancient file formats because they were created at a time when no one was thinking about security", Wardle said.
After using the antiquated file format to get macOS to run a macro in Microsoft Office without letting the user know, he used another flaw that let a hacker escape the Microsoft Office Sandbox with a file that uses a $ sign. The file was a .zip file, which macOS didn't check against the notarisation protections that prevent users from opening files not from known developers.
The exploit required the targeted person to log in to their Mac on two separate occasions as logins trigger different steps in the exploit chain, which makes it less likely to happen, but as Wardle says, only one person needs to fall for it.
Microsoft pointed out that "any application, even when sandboxed, is vulnerable to misuse of these APIs", and said that it is in contact with Apple to identify and fix issues as they arise.
“Mac users are not invulnerable to viruses and should exercise caution when downloading and opening files from unknown sources, and sometimes, even known sources. It's best to stay away from suspicious Office files and other files that have shady origins, even with the protections that Apple has built into macOS”, wrote Apple Insider… Duh!