Updates for LibreOffice and OpenOffice have been released to address a security flaw that allows an attacker to make documents seem to be signed by a trusted source.

Although the vulnerability is classed as mild in severity, the consequences might be severe. Document macros employ digital signatures to let users verify that the document hasn't been tampered with and can be trusted. Allowing anybody to sign macro-laden documents and make them look trustworthy is an excellent method to trick people into launching malware.

Four researchers from Ruhr University Bochum discovered the OpenOffice issue, which was assigned the number CVE-2021-41832. The same problem affects LibreOffice, a branch of OpenOffice created from the original project over a decade ago, and is listed as CVE-2021-25635 for their project.

Users of LibreOffice and OpenOffice are advised to update to the latest version to mitigate the risk associated with the flaws. If you're using one of the open-source office suites, you should update to the most recent version right away. That would be OpenOffice 4.1.10 and later, and LibreOffice 7.0.5 or 7.1.1 and later. The auto-updating feature is absent in both applications, so you should manually update to the most recent version. Suppose you're running Linux and the versions mentioned above aren't yet available through your distribution's package manager. In that case, you should either download the "deb" or "rpm" package from the Download center or build LibreOffice from the source.

If you can't update to the current version for whatever reason, you may permanently disable the macro capabilities in your office suite or avoid trusting any documents that include macros. To enable macro security in LibreOffice, go to Tools → Options → LibreOffice → Security, and click on 'Macro Security.'
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source.

The list of the three flaws is as follows.

- CVE-2021-41830 / CVE-2021-25633 - Content and Macro Manipulation with Double Certificate Attack
- CVE-2021-41831 / CVE-2021-25634 - Timestamp Manipulation with Signature Wrapping
- CVE-2021-41832 / CVE-2021-25635 - Content Manipulation with Certificate Validation Attack

Successful exploitation of the vulnerabilities could permit an attacker to manipulate the timestamp of signed ODF documents, and worse, alter the contents of a document or self-sign a document with an untrusted signature, which is then tweaked to change the signature algorithm to an invalid or unknown algorithm. In the latter two attack scenarios, which stem from improper certificate validation, LibreOffice incorrectly displays a validly signed indicator suggesting that the document hasn't been tampered with since signing and presents a signature with an unknown algorithm as a legitimate signature issued by a trusted party.

The weaknesses have been fixed in OpenOffice version 4.1.11 and LibreOffice versions 7.0.5, 7.0.6, 7.1.1 as well as 7.1.2. The Chair for Network and Data Security (NDS) at the Ruhr-University Bochum has been credited with discovering and reporting all three issues.

The findings are the latest in a series of flaws uncovered by the Ruhr-University Bochum researchers and follow similar attack techniques disclosed earlier this year that could potentially enable an adversary to modify a certified PDF document's visible content by displaying malicious content over the certified content without invalidating its signature.
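For triage of documents received before patching, the sketch below lists the signature algorithm each ODF signature declares and flags any that are not on an allowlist, the condition the unknown-algorithm scenario above relies on. It is an added example, not code from LibreOffice, OpenOffice or the researchers; the allowlist, the function names and the sample package are assumptions, and it does not verify signatures or replace the update.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
# ODF packages keep their XML-DSig signatures in these META-INF entries.
SIG_FILES = ("META-INF/documentsignatures.xml", "META-INF/macrosignatures.xml")
# Assumed allowlist of signature algorithm URIs; adjust to local policy.
KNOWN_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
}

def audit_odf_signatures(data: bytes) -> list[dict]:
    """Return one finding per <Signature> element in an ODF package."""
    # The stdlib parser keeps this dependency-free; for untrusted files
    # a hardened parser such as defusedxml is the safer choice.
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for sig_file in SIG_FILES:
            if sig_file not in pkg.namelist():
                continue
            root = ET.fromstring(pkg.read(sig_file))
            for sig in root.iter(DSIG + "Signature"):
                method = sig.find(f"{DSIG}SignedInfo/{DSIG}SignatureMethod")
                alg = method.get("Algorithm") if method is not None else None
                # A missing or unlisted algorithm is flagged for manual review.
                findings.append({"file": sig_file, "id": sig.get("Id"),
                                 "algorithm": alg, "suspicious": alg not in KNOWN_ALGS})
    return findings

def sample_package(alg: str) -> bytes:
    """Constructed sample: a minimal ODF-like zip with one macro signature."""
    xml = (
        '<document-signatures xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">'
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="sig1">'
        f'<SignedInfo><SignatureMethod Algorithm="{alg}"/></SignedInfo>'
        '</Signature></document-signatures>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/macrosignatures.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_odf_signatures(sample_package("urn:example:unknown-alg")))
```

A flagged entry means the file deserves manual review in a patched office suite; an unflagged one says nothing about whether the signature itself is valid.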