- #Openoffice bug allows hackers to spoof Patch
- #Openoffice bug allows hackers to spoof upgrade
- #Openoffice bug allows hackers to spoof software
#Openoffice bug allows hackers to spoof Patch
However, LibreOffice developers released a patch less than two weeks after being notified. OpenOffice developers, however, do not appear to have issued any fixes and have not made any comments on the vulnerability. SecurityWeek has reached out to them more than one week ago, but received no response.ĪCROS Security’s 0patch service has released an unofficial patch for OpenOffice to address this vulnerability. The micropatch can be applied to the latest version of OpenOffice for Windows. Micropatches have been released for LibreOffice as well.Ġpatch has published a video showing an exploit attempt without and with the patch applied:Ġpatch this week also released a fix for an Adobe Reader vulnerability that had been unpatched. LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS SPOOF PATCHĪdobe released an official patch the next day.Do you use LibreOffice or OpenOffice? If so be aware that security updates have recently been issued due to the recent discovery of a major security flaw.
#Openoffice bug allows hackers to spoof software
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice OctoRavie Lakshmanan The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they. This vulnerability allows an attacker to modify and manipulate documents so that it appears they have been signed by a trusted party.Īlthough the flaw that makes this possible has only been classified "Moderate" the reality is that the implications could be crippling. LIBREOFFICE OPENOFFICE BUG ALLOWS HACKERS SPOOF SOFTWARE Digital signatures are used as a means of verifying that the document in question is from a trusted source. As such the ability to spoof those signatures could easily open the floodgates allowing attackers to do untold harm to any business using either Libre- or OpenOffice. The OpenOffice flaw is being tracked as CVE-2021-41832 and the LibreOffice flaw is being tracked as CVE-2021-25635. For those who don't know LibreOffice is a fork of OpenOffice. An offshoot that was created decades ago.
That means that this flaw has roots that run deep.
It should be noted that neither of these applications are auto-updating. That means that unless you're very good about checking for new versions on a regular basis the version you're currently using is probably out of date.
#Openoffice bug allows hackers to spoof upgrade
Given the risks that these security flaws represent you should upgrade to the latest version as soon as possible.
If you are unable to upgrade whatever the reason a viable temporary solution would be to disable macros. This is because an invalid signature algorithm could still make a laced document appear as it comes from a trusted source.Īlso note that if you are running an older version you shouldn't rely on the "trusted list" functionality. Kudos to the developers for quickly addressing these security issues.
0 kommentar(er)
