Jump to content

Mac Malware Targeting Unpatched Office Running on OS X – eWeekM


Guest LilBambi

Recommended Posts

Guest LilBambi

Mac Malware Targeting Unpatched Office Running on OS X – eWeek

 

This is a different issue than reported earlier on this blog here on April 16th.

Microsoft is reporting that malware is exploiting unpatched versions of its Microsoft Office Word 2000 suite to compromise Apple Macintoshes running Snow Leopard or earlier versions of Mac OS X.

 

Microsoft has discovered malware that’s preying on Apple computers running unpatched versions of its Office application suite.

 

The two vulnerabilities in question were patched in the Microsoft Office Word 2000 suite in June 2009, almost three years ago.

 

At that time, Microsoft put out a critical security bulletin—
MS09-027
—to close the holes, which can allow an attacker to get control of a system if a user opens a maliciously crafted Word file.

 

As noted in the Fran's Computer Services blog posting:

 

Another troubling situation is that the malware seems to be targeting Snow Leopard and earlier versions of Mac OS X; not Lion.

 

With Lion the particular memory address being abused to run shellcode isn’t vulnerable like in earlier versions of Mac OS X.

 

Virus Bulletin has a Glossary entry for shellcode noted above:

 

Code activating a payload via command-line instructions

Shellcode is a small piece of code which activates a command-line interface to a system and passes in commands. These instructions will often involve disabling security measures, opening a backdoor to allow remote access to a system, and downloading or activating further malicious code.

Shellcode is often injected into a system and executed via a vulnerability in network-facing software, such as browsers, or in downloadable files such as documents.

Edited by LilBambi
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...