LibreOffice, OpenOffice bug allows hackers to spoof signed docs
1 min read
Oct 12, 2021
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. "Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code."
Although the severity of the flaw is classified as moderate, the implications could be dire. The digital signatures used in document macros are meant to help the user verify that the document hasn’t been altered and can be trusted.
The discovery of the flaw, which is tracked as CVE-2021-41832 for OpenOffice, was the work of four researchers at the Ruhr University Bochum.
The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635.
Related Articles
1 - 0 min read
Linux Kernel 6.7 Released with Various Security Improvements
1 - 0 min read
Ubuntu Tool Could Trick Users Into Installing Rogue Packages
1 - 0 min read
Joomla XSS Bug Puts Millions of Websites at Risk of RCE
1 - 0 min read
Fake F5 BIG-IP Zero-Day Warning Emails Push Data Wipers
1 - 0 min read
Debian and Ubuntu Fix More OpenSSH Vulnerabilities
