A new zero-click MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect Mac users from malicious macros. Apple patched the flaws with the release of MacOS 10.15.3, but told researcher Patrick Wardle this issue does not qualify for a CVE . Microsoft meanwhile told Wardle that the exploit chain was an issue on the Apple side
Source: https://threatpost.com/black-hat-zero-click-macos-exploit-chain-microsoft-office-macros/158112/