![]() ![]() If you’re still running an old and vulnerable version, you shouldn’t rely on the “trusted list” functionality as an invalid signature algorithm could still make a laced document appear as it comes from a trusted source. In the new dialog, you may select among four distinct levels of security, with High or Very High being the recommended options. ![]() ![]() LibreOffice settings menu to disable macros It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. To set macro security on LibreOffice, go to Tools → Options → LibreOffice → Security, and click on ‘Macro Security’. LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that can allow attackers to manipulate documents to appear as signed by a trusted source. If updating to the latest version is not possible for any reason, you can always opt to completely disable the macro features on your office suite, or avoid trusting any documents containing macros.Īlso Read: What Is Data Sovereignty and How Does It Apply To Your Business? If you’re using Linux and the aforementioned versions aren’t available on your distribution’s package manager yet, you are advised to download the “deb”, or “rpm” package from the Download center or build LibreOffice from source. Since neither of these two applications offer auto-updating, you should do it manually by downloading the latest version from the respective download centers – LibreOffice, OpenOffice. For OpenOffice, that would be 4.1.10 and later, and for LibreOffice, 7.0.5 or 7.1.1 and later. If you’re using either of the open-source office suites, you’re advised to upgrade to the latest available version immediately. The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635.Īlso Read: How COVID-19 Contact Tracing in Singapore Applies at Workplace Addressing the risk The discovery of the flaw, which is tracked as CVE-2021-41832 for OpenOffice, was the work of four researchers at the Ruhr University Bochum. Its 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. “Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code. The digital signatures used in document macros are meant to help the user verify that the document hasn’t been altered and can be trusted. This article continues to discuss the security flaw discovered in OpenOffice and LibreOffice that hackers can exploit to fake signed documents as well as the updates released to address it.LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source.Īlthough the severity of the flaw is classified as moderate, the implications could be dire. The same flaw is tracked as CVE-2021-25635 for LibreOffice, a branch of OpenOffice created more than a decade ago from the main project. The flaw, which is tracked as CVE-2021-41832 for OpenOffice, was discovered by four researchers at the Ruhr University Bochum. The method of enabling anyone to sign macro-infested papers and make them appear trustworthy is effective at tricking unsuspecting users into running malicious code. The digital signatures used in document macros are supposed to help the user verify that the document has not been altered and can be trusted. The vulnerability is classified as mild in severity, but its exploitation could lead to severe consequences. OpenOffice and LibreOffice have pushed updates to address a vulnerability that could allow an attacker to spoof signed documents. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |