Malware uses Office flaw to target Mac OS X

Malware uses Office flaw to target Mac OS X

Summary: Microsoft has warned of new malware that exploits an old flaw in Office to attack Mac OS X machines

SHARE:
TOPICS: Security
0

Security researchers at Microsoft have discovered new malware that exploits an old bug in Microsoft Office; but rather than attacking PCs, it actually targets Mac OS X machines.

The vulnerability, which was ranked as critical when it was discovered and patched in 2009, allows attackers to execute remote code — essentially allowing them to take control of a machine. According to threat researcher Jeong Wook (Matt) Oh, new malware utilising the vulnerability has likely surfaced now, because not all machines are kept up to date, indicating that malware authors are taking advantage of users' reluctance to patch.

The malware is ranked as severe by Microsoft, which has called it MasOS-X/MS09-027.A, using the naming convention of its security updates. Due to the way that the exploit code is loaded into memory, and how OS X Lion protects certain segments of memory, the exploit fails under Lion. But Snow Leopard and earlier versions do not protect the area of memory that the malware targets, and are also vulnerable if Office for Mac is not patched.

For more on this ZDNet UK-selected story, see Office flaw used in OS X-targeted attack on ZDNet Australia.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion