Posted on 08/07/2020 7:06:01 AM PDT by Red Badger
A security expert revealed this week that an exploit commonly used against Windows users who own Microsoft Office can sneak into MacOS systems as well.
A former NSA security specialist who addressed the Black Hat security conference this week summarized his research into the new use for a very old exploit.
Patrick Wardle explained that the exploit capitalizes on the use of macros in Microsoft Office. Hackers have long used the approach to trick users into granting permission to activate the macros, which in turn surreptitiously launch malicious code.
But Wardle noted that attacks against Mac systems using such macros began occurring around 2017. In 2018, the internet security company Kaspersky uncovered evidence that North Korean hackers infected a cryptocurrency exchange in what was believed to be the first such assault on a MacOS system. Hackers residing under the world's most repressive regime may have earned up to $2 billion in cryptocurrency hacks, according to a report released by the United Nations last year.
The hacks rely on the use of two additional weak spots, one a nearly 30-year-old file format little used in recent years. While Microsoft Office generally prompts users before a macro is executed, the old SYLK Excel file format (.SLK) does not trigger a prompt. Thus, it can be used to bypass a line of security.
Wardle noted that Microsoft Office handles code for old files differently than code for newer ones.
When researchers alerted Apple to the .SLK vulnerability last year, Wardle said, Microsoft declined to issue a patch, asserting that malicious code would be contained within the secure Microsoft Office sandbox environment.
Wardle, who slyly proclaimed, "Working at the NSA corrupted my mind and filled it with evil ideas," set out to test those boundaries of the sandbox protection. In a matter of days, he found a vulnerability.
By beginning a filename with the "$" character, he learned, a file can break out of the sandbox and avoid detection.
"Security researchers love these ancient file formats because they were created at a time when no one was thinking about security," Wardle told Motherboard.
Microsoft has patched the SYLK vulnerability and says it is communicating with Apple on addressing other issues raised by the research of Wardle and others.
Wardle fears these hacks may be just the tip of the iceberg.
"I was surprised how easy it was," to devise these hacks, Wardle told Wired magazine. "I do have experience doing this, but it would be arrogant for me to think that well-resourced hacker groups aren't looking at this and don't have similar talents, if not more so. It's a very broad attack vector. Sufficiently resourced and clever hackers will find ways to gain access and persist on Mac systems."
Dutch researcher Stan Hegt, who uncovered the SYLK macro vulnerability, praised Wardle's research but also cautioned there likely are more problems to come.
"The fact that he's now built a full exploit chain definitely proves a point," said Hegt. "I'm pretty sure if you dig deep in Office, especially on Macs, there's more" troublesome issues to uncover.
MacWindows Ping!...................
Time to try Navy DIF, Wordstar and Multiplan!
I’ve been a big Excel user for at least 30 years. I don’t think that I ever used SYLK files.
I was a Wordstar expert!...................
“Wordstar”
Wordstar and DB Master. We thought they were enough to rule the world.
I went through a phase where I had to use SYLK files to overcome some technical obstacle (I can’t remember now, I recall it may have been the only way I could export out of one system and have it open properly in another, but it was a while back.)
I was pretty good with DB as well!..............
William F. Buckley used Wordstar to the bitter end. I remain a WordPerfect guy myself, with a soft spot for Nota Bene and MacWrite Pro.
I loved Wordstar. I knew every command keyboard control by heart..........30 years ago.........
Then there is the unsung hero, File Maker Pro.
SYLK started as an export file format from Multiplan, the text precursor to Excel. It's more than 30 years old; more like 38 years.
I don't understand how the exploit works. SYLK content is just raw text and doesn't contain macros.
I see now. It supports commands for executing code, like EXEC() and HALT().
https://outflank.nl/blog/2019/10/30/abusing-the-sylk-file-format/
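For anyone wanting to check incoming .SLK files for the constructs mentioned above, here is an added example scanner (not code from this thread, the article, or the Outflank post). It assumes the SYLK text layout of semicolon-separated records, flags the E option on the O record (macro sheet), NN records that define auto-exec names, and C-record formulas that call functions such as EXEC(); the sample document and the function list are constructed for illustration.

```python
import re

# Excel 4.0 macro functions worth flagging; a starting point, not an exhaustive list (assumption).
RISKY_FUNCS = {"EXEC", "CALL", "REGISTER", "HALT", "RUN", "FOPEN", "FWRITE"}
# Defined names that Excel runs automatically when the sheet opens or closes.
AUTO_NAMES = {"AUTO_OPEN", "AUTO_CLOSE", "AUTO_ACTIVATE"}

def parse_sylk(text):
    """Split a SYLK document into (record_type, [fields]) tuples.
    Note: a ';' escaped as ';;' inside a quoted string is not handled here."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        records.append((parts[0], parts[1:]))
    return records

def scan_sylk(text):
    """Return a list of findings describing macro-capable constructs in a SYLK document."""
    findings = []
    for rtype, fields in parse_sylk(text):
        if rtype == "O" and "E" in fields:           # O record with E flag = macro sheet
            findings.append("macro sheet flag (O;E)")
        if rtype == "NN":                             # defined name; N field carries the name
            name = next((f[1:] for f in fields if f.startswith("N")), "")
            if name.upper() in AUTO_NAMES:
                findings.append(f"auto-exec name {name}")
        if rtype == "C":                              # cell record; E field is a formula
            for f in fields:
                if f.startswith("E"):
                    for func in re.findall(r"([A-Z][A-Z0-9.]*)\s*\(", f[1:].upper()):
                        if func in RISKY_FUNCS:
                            findings.append(f"formula calls {func}")
    return findings

# Constructed sample: a macro sheet with an auto-open name pointing at an EXEC() cell.
SAMPLE = """ID;P
O;E
NN;NAuto_Open;ER101C1;KOut;F
C;X101;Y1;EEXEC("PLACEHOLDER_COMMAND")
C;X102;Y1;EHALT()
C;X1;Y1;K"hello"
E
"""

if __name__ == "__main__":
    for finding in scan_sylk(SAMPLE):
        print(finding)
```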
If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.
Thanks for the heads up.
A security expert revealed this week that an exploit commonly used against Windows users
...former NSA security specialist who addressed the Black Hat security conference this week...
...Wardle fears these hacks may be just the tip of the iceberg.
...but also cautioned there likely are more problems to come.
These things are more predictable than the plot to a road runner cartoon. I note they haven't found anyone who's actually been hacked. The ONLY catchphrase I didn't find was "This is an important proof of concept."
Visicalc!
I had to use a SYLK file a week ago for some obscure reason. Hadn’t seen those in 20 years.
“road runner cartoon plots are predictable”?
What? Seriously? That’s blasphemy!