![]() You shouldn’t depend on the “trusted list” capability if you’re still running an outdated and vulnerable version since an incorrect signature algorithm may still make a laced document appear to come from a trusted source. You may choose from four different degrees of security in the new dialog, with High or Very High being the preferred selections. To enable macro security in LibreOffice, go to Tools → Options → LibreOffice → Security, and click on ‘Macro Security.’ If you can’t update to the current version for whatever reason, you may permanently disable the macro capabilities in your office suite or avoid trusting any documents that include macros. In that case, you should either download the “deb” or “rpm” package from the Download center or build LibreOffice from the source. Suppose you’re running Linux and the versions mentioned above aren’t yet available through your distribution’s package manager. The auto-updating feature is absent in both applications, so you should manually update to the most recent version. That would be OpenOffice 4.1.10 and later, and LibreOffice 7.0.5 or 7.1.1 and later. If you’re using one of the open-source office suites, you should update to the most recent version right away. The same problem affects LibreOffice, a branch of OpenOffice created from the original project over a decade ago, and is listed as CVE-2021-25635 for their project. Document macros employ digital signatures to let users verify that the document hasn’t been tampered with and can be trusted.Īllowing anybody to sign macro-infested papers and make them look trustworthy is an excellent method to trick people into launching malicious malware.įour researchers from Ruhr University Bochum discovered the OpenOffice issue and assigned the number CVE-2021-41832. ![]() LibreOffice and OpenOffice have released fixes to tackle an issue that allows hackers to make documents look as if they were signed by a trustworthy source.Įven though the vulnerability is not placed in the ‘High’ severity category being rated as moderate, the consequences could be disastrous.Updates for LibreOffice and OpenOffice have been released to address a security flaw that allows an attacker to make documents seem to be signed by a trusted source.Īlthough the vulnerability is classed as mild in severity, the consequences might be severe. The digital signatures used in document macros are intended to assist the user in determining whether or not a document has been modified and can be trustworthy.Īllowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code. Ruhr University Bochum’s cybersecurity researchers were the first to notice this vulnerability in OpenOffice, which has been tracked as CVE-2021-41832. The same issue affects LibreOffice, a project fork of OpenOffice that originated from the main project over ten years ago and is recorded as CVE-2021-25635 for their project. For LibreOffice – 7.0.5 or 7.1.1 and later.Those using at least one of the open-source office suites are recommended to update to the most recent version as quickly as possible. Users will have to do the updates manually by downloading the newest version from the LibreOffice, OpenOffice download centers, as neither LibreOffice nor OpenOffice apps provide auto-updating. Those using Linux who don’t have the versions mentioned above available on their distribution’s package manager yet are urged to download the “deb”, or “rpm” package from the Download center or build LibreOffice from source. Those who can’t update to the newest version can always disable the macro features in their office suite or avoid trusting any documents that contain macros.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |