Free Republic

30-year-old file format behind MacOS hack
techxplore.com | August 6, 2020 | by Peter Grad

Posted on 08/07/2020 7:06:01 AM PDT by Red Badger

A security expert revealed this week that an exploit commonly used against Windows users who own Microsoft Office can sneak into MacOS systems as well.

A former NSA security specialist who addressed the Black Hat security conference this week summarized his research into the new use for a very old exploit.

Patrick Wardle explained that the exploit capitalizes on the use of macros in Microsoft Office. Hackers have long used the approach to trick users into granting permission to activate the macros, which in turn surreptitiously launch malicious code.

But Wardle noted that attacks against Mac systems using such macros began occurring around 2017. In 2018, the internet security company Kaspersky uncovered evidence that North Korean hackers infected a cryptocurrency exchange in what was believed to be the first such assault on a MacOS system. Hackers residing under the world's most repressive regime may have earned up to $2 billion in cryptocurrency hacks, according to a report released by the United Nations last year.

The hacks rely on the use of two additional weak spots, one a nearly 30-year-old file format little used in recent years. While Microsoft Office generally prompts users before a macro is executed, the old SYLK Excel file format (.SLK) does not trigger a prompt. Thus, it can be used to bypass a line of security.

Wardle noted that Microsoft Office handles code for old files differently than code for newer ones.

When researchers alerted Apple to the .SLK vulnerability last year, Wardle said, Microsoft declined to issue a patch, asserting that malicious code would be contained within the secure Microsoft Office sandbox environment.

Wardle, who slyly proclaimed, "Working at the NSA corrupted my mind and filled it with evil ideas," set out to test those boundaries of the sandbox protection. In a matter of days, he found a vulnerability.

By beginning a filename with the "$" character, he learned, a file can break out of the sandbox and avoid detection.

"Security researchers love these ancient file formats because they were created at a time when no one was thinking about security," Wardle told Motherboard.

Microsoft has patched the SYLK vulnerability and says it is communicating with Apple on addressing other issues raised by the research of Wardle and others.

Wardle fears these hacks may be just the tip of the iceberg.

"I was surprised how easy it was," to devise these hacks, Wardle told Wired magazine. "I do have experience doing this, but it would be arrogant for me to think that well-resourced hacker groups aren't looking at this and don't have similar talents, if not more so. It's a very broad attack vector. Sufficiently resourced and clever hackers will find ways to gain access and persist on Mac systems."

Dutch researcher Stan Hegt, who uncovered the SYLK macro vulnerability, praised Wardle's research but also cautioned there likely are more problems to come.

"The fact that he's now built a full exploit chain definitely proves a point," said Hegt. "I'm pretty sure if you dig deep in Office, especially on Macs, there's more" troublesome issues to uncover.


TOPICS: Business/Economy; Computers/Internet; History; Society
KEYWORDS: apple; blackhat; computer; excel; mac; macintosh; macos; microsoft; office; sylk; windows
To: ProtectOurFreedom

I know. I can’t even remember what they are for. I recall some databases could only export in that format correctly. Ugh.


21 posted on 08/07/2020 10:23:50 AM PDT by rlmorel ("Truth is Treason in the Empire of Lies"- George Orwell)

To: rlmorel

I think SYLK handled commas in text properly unlike CSV files which puked on commas in text.


22 posted on 08/07/2020 10:26:35 AM PDT by ProtectOurFreedom

Unless you are doing really insanely complex things, and only know how to do them in a proprietary program, like Excel, I don’t understand why anyone would use anything other than OpenOffice. Even Microsloth programs can now handle OpenOffice files these days.


23 posted on 08/07/2020 10:40:15 AM PDT by zeugma (Stop deluding yourself that America is still a free country.)

To: Richard Kimball
The ONLY catchphrase I didn't find was "This is an important proof of concept."

You’re right. The article’s last sentence essentially takes its place. I’ve noticed the same thing.

24 posted on 08/07/2020 12:46:31 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigot1)

To: Red Badger

WordStar, WordPerfect, Quattro Pro
;^)


25 posted on 08/07/2020 1:15:31 PM PDT by Bikkuri

To: Bikkuri

Lotus 1-2-3...............


26 posted on 08/07/2020 1:17:31 PM PDT by Red Badger (To a liberal, 9-11 was 'illegal fireworks activity'...........................)

To: Swordmaker

Thanks. This explains the Microsoft Office messages that appeared on my Mac today, with the small print message to “agree” with their legalese, which I never read.


27 posted on 08/07/2020 1:23:33 PM PDT by roadcat

To: Bikkuri
WordStar, WordPerfect, Quattro Pro

All of which I knew every command, but have forgotten. Not to worry, I still have the manuals!

28 posted on 08/07/2020 1:26:22 PM PDT by roadcat

To: Red Badger

Was going to list Lotus.. but I replaced it with Quattro Pro (it was MUCH cheaper ;^))


29 posted on 08/07/2020 1:30:32 PM PDT by Bikkuri

To: Rio

What’s your fave website to learn to build non-complex but multi-sheet spreadsheets (not a total beginner but a little weak on functions)?

Trying to do something on the lines of an inventory but with locations instead of items, plus other sheets to note attributes of each location, with the results of the attributes leading to a “score” for each location on a main report page.

Thanks in advance for any advice.


30 posted on 08/07/2020 2:02:31 PM PDT by BTerclinger (MAGA)

To: BTerclinger

Maybe try this one:

https://www.excel-easy.com/


31 posted on 08/07/2020 2:36:05 PM PDT by Rio

To: Red Badger; All

^KB ^KK ^KC ^KV ^KY

Still know them by heart !


32 posted on 08/07/2020 6:39:39 PM PDT by ADemocratNoMore (The Fourth Estate is now the Fifth Column)

To: AdmSmith; AnonymousConservative; Arthur Wildfire! March; Berosus; Bockscar; cardinal4; ColdOne; ...
...the exploit capitalizes on the use of macros in Microsoft Office.

33 posted on 08/07/2020 11:32:37 PM PDT by SunkenCiv (Imagine an imaginary menagerie manager imagining managing an imaginary menagerie.)

To: Rio

Thank you!


34 posted on 08/10/2020 7:08:38 PM PDT by BTerclinger (MAGA)