

In the past, you were able to use injection-based native plugins in Outlook for Mac on any macOS version.

I use Zoom & Webex, how does this affect me?

In order to continue using services like Zoom and Webex, you will need to migrate your users to the supported add-ins from the Microsoft Store. With this change, Microsoft and Apple will also block the Zoom & Webex plugins in Outlook for Mac for both Microsoft 365 and Outlook 2019. With the release of macOS Mojave and Catalina, Apple blocked most injection-based plugins from running due to security & stability concerns. We are reaching out to customers who use injection-based native plugins so that they are informed and can work on a plan to migrate to the Office Web Add-ins available through AppSource, Centralized Deployment, or sideloading. Please continue to migrate to the supported add-ins if you use either Zoom or Webex. We have instead worked with Apple to block only certain plugins in the next major macOS release (12.x). This version will likely go live sometime in the Fall of 2021. Thus, we will no longer block all injection-based plugins. This would block core workflows for our customers that use these plugins.

In April 2020, when pandemic remote working led to a 500% increase in daily traffic to the Zoom download page, some critics said the company’s software was “a privacy disaster” and even malware.

Updated on May 25th, 2021: We have recently been made aware of certain Data Loss Prevention plugins that do not have add-in replacements available.

It is not the first time Zoom’s focus on frictionless use has led to a security hole. Normally, the company tries to ensure that is safe by limiting the installer to only operate on code that has been cryptographically signed by Zoom, but the bug discovered by Wardle means that an attacker could trivially bypass that protection and convince the installer to load and run any malware they want. In order to make the user journey simpler, the installer continues to run in the background from the moment a user first installs Zoom, and does so with “superuser” privileges, allowing it to change anything about the computer. It targets the Zoom installer, which the company uses to enable frictionless automatic updates. Discovered by an independent security researcher, Patrick Wardle – whose brother Jeremy invented the popular game Wordle – the vulnerability was first presented at the Def Con hacking conference in Las Vegas last week.
