Mac Malware Targeting Unpatched Office Running on OS X – eWeek
This is a different issue than reported earlier on this blog here on April 16th.
Microsoft is reporting that malware is exploiting unpatched versions of its Microsoft Office Word 2000 suite to compromise Apple Macintoshes running Snow Leopard or earlier versions of Mac OS X.
Microsoft has discovered malware that’s preying on Apple computers running unpatched versions of its Office application suite.
The two vulnerabilities in question were patched in the Microsoft Office Word 2000 suite in June 2009, almost three years ago.
At that time, Microsoft put out a critical security bulletin—MS09-027—to close the holes, which can allow an attacker to get control of a system if a user opens a maliciously crafted Word file.
Much more in the article.
These Office Word 2000 installs on Mac OS X should have been patched by users for 3 years now.
Another troubling situation is that the malware seems to be targeting Snow Leopard and earlier versions of Mac OS X; not Lion.
With Lion the particular memory address being abused to run shellcode isn’t vulnerable like in earlier versions of Mac OS X.
So, if you have ANY version of Microsoft Office software running on your Mac, make sure it is up to date.
Better yet, if you have any software running on your Mac make sure it is updated including MS Office, Java, and other Internet facing programs, as well as Mac OS X itself. This should be obvious to must Mac users by now, but certainly bears repeating.
This is not just a Mac problem, but it has been exacerbated on Macs because getting MS updates for MS Office on the Mac apparently hasn’t been done as religiously as it often is on MS Windows systems, which are also vulnerable by the way.
Microsoft Security Bulletin MS09-027 – Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514).
For Mac OS X, MS Office 2011/Office 14, Microsoft has a page showing how to check for software updates automatically.
Microsoft has a page to download MS Office Updates (at least back to Office 2004)