Microsoft maliciousness    
 
Microsoft today released updates to its popular Office suite for the Macintosh that “enhance security and stability.” Among other items, the updates include “fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code.”
 
Assumedly the attacker would create an Office document (Word, Excel or PowerPoint) that would execute the “attack” when opened. Although the release notes don’t say this, in theory, the “malicious code” would then be executed somehow and an attacker could take control of your Mac. Putting things in perspective, however, keep in mind that Office documents are cross-platform, so this malicious code would almost always be Windows-specific, and thus the worst thing that would happen on the Mac is that the Office application would crash (that’s never been known to happen before, has it?).
 
Nonetheless, the fact that Office documents are both cross-platform and popular has led to them being passed around the Internet quite regularly, mainly via email. So, before opening an Office document you receive in this way, you should make sure to install the update, just in case (better yet, unless you’re expecting the document, don’t open it at all without contacting the sender first). As Macs get more popular, there could easily be OSX-specific attacks launched through vulnerabilities like this. It would be more than a little ironic if the first major Mac Internet attack was enabled through a Microsoft product.
Tuesday, October 10, 2006