Security researchers at Microsoft have discovered new malware that exploits an old bug in Microsoft Office, but rather than attacking PCs, it targets Mac OS X machines.
The vulnerability, which was ranked as critical when it was discovered and patched in 2009, allows remote code execution, essentially letting attackers take control of a machine. According to threat researcher Jeong Wook (Matt) Oh, new malware utilising the vulnerability has likely surfaced now because not all machines are kept up to date, indicating that malware authors are taking advantage of users' reluctance to patch.
The malware is ranked as severe by Microsoft, which has called it MasOS-X/MS09-027.A, using the naming convention of its security updates. Because of the way the exploit code is loaded into memory, and the way OS X Lion protects certain segments of memory, the exploit fails under Lion. Snow Leopard and earlier versions, however, do not protect the area of memory that the malware targets, and are vulnerable if Office for Mac is not patched.
For more on this ZDNet UK-selected story, see Office flaw used in OS X-targeted attack on ZDNet Australia.