For those who run Microsoft’s Office for Mac, be warned of a new security hole that is being actively targeted by hackers. This new threat actually relies on a three-year old vulnerability in the way Office for Mac handles different types of Microsoft Word Files.
“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. When the victim opens the malicious Word file using Office for Mac, the shellcode writes the malicious payload on disk and executes it, and then opens a benign office file,” Kaspersky Labs reports.
All it takes is for the attacker to send a malicious Word document to a user and wait for the user to open the document, at which point the victims computer will be in complete control by the hacker. So the best way to avoid this for now until Microsoft issues a patch? Just avoid opening attachments or files that are from unknown or untrustworthy senders. This goes to show you that no matter what the operating system, hackers will still try to do what they do best.