reveal an attack using Microsoft Office that can affect the Mac
Patrick Wardle, a security researcher today published an exploit that using Microsoft Office could put the security of a Mac at risk. The bug used is fixed now, but it is still an interesting case and, above all, a reminder of the importance of keeping our devices up to date.
An unlikely but interesting attack
As published by Motherboard, the attack focuses, once again, in macros that can be embedded in Office documents. Until now this technique was mainly present on Windows, but for a certain period of time it has also been present on Mac.
During the security conference Black Hat Wardle has revealed an attack whereby using an outdated file format could force Microsoft Office to run a macro without alerting the user. Then, thanks to the use of the $ symbol, the researcher managed to escape from the Office sandbox and could execute code like in the video that we see below where the Calculator app is opened.
From here the attack requires the user to log into the Mac on two separate occasions, since the login triggers the different stages of the attack, which, on the other hand, makes it quite ineffective.
The researcher contacted Microsoft and Apple so they could fix this bug, a fix that arrived in macOS 10.15.3. One more episode that reminds us that updates to our devices go way beyond new features to resolve errors that may otherwise put our security at risk.