Skip to main content

All you need to hijack a Mac is an old Office document and a .zip file

posted onAugust 9, 2020
by l33tdawg
Flickr
Credit: Flickr

A sequence of interconnected bugs could allow hackers to hijack devices running on macOS using little more than an infected Office document and a .zip file, an expert has warned.

The vulnerability was identified by ex-NSA researcher Patrick Wardle, now working for security firm Jamf, who found that even fully-patched macOS Catalina systems were at risk.

The exploit uses a rigged Office document, saved in an archaic format (.slk), to trick the target machine into allowing Office to activate macros without consent and without notifying the user. The attack then takes advantage of two further vulnerabilities in order to seize control of the machine. By including a dollar sign at the start of the filename, a hacker can break free of the restrictive Office sandbox, while compressing the file within a .zip folder bypasses macOS controls that prevent downloaded items from accessing user files.

Source

Tags

Security Apple

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th