Alien Vault finds hackers targeting security hole in MS Office for Mac
Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks.
"A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. When the victim opens the malicious Word file using Office for Mac, the shellcode writes the malicious payload on disk and executes it, and then opens a benign office file," Jaime Blasco of AlienVault wrote in an analysis of the attacks.