An attacker could use a Microsoft Office document with macros to deliver malware to a macOS user, according to Jamf security researcher Patrick Wardle. The attack would bypass security measures that Microsoft and Apple have installed to protect MacOS users from malicious macros. When a macOS user opens the malicious document, the macro is automatically executed.
- Apple patched the bugs in the latest version of macOS, 10.15.3, while Microsoft said the problem was with Apple.
- Office macros are often abused by attackers to deploy malicious payloads.
- Last year, Mimecast researchers discovered an attack technique that exploited Microsoft Excel macros for malicious purposes.