Hackers Can Fake Signed Documents Because Of a Flaw in LibreOffice and OpenOffice

Updates for LibreOffice and OpenOffice have been released to address a security flaw that allows an attacker to make documents seem to be signed by a trusted source.

Although the vulnerability is classed as mild in severity, the consequences might be severe. Document macros employ digital signatures to let users verify that the document hasn’t been tampered with and can be trusted.

Allowing anybody to sign macro-laden documents and make them look trustworthy is an effective way to trick people into running malicious code.

Four researchers from Ruhr University Bochum discovered the OpenOffice issue, which is tracked as CVE-2021-41832.

The same problem affects LibreOffice, a fork of OpenOffice created from the original project over a decade ago, where it is tracked as CVE-2021-25635.

If you’re using one of the open-source office suites, you should update to the most recent version right away. That would be OpenOffice 4.1.10 and later, and LibreOffice 7.0.5 or 7.1.1 and later.

The auto-updating feature is absent in both applications, so you should manually update to the most recent version.

If you’re running Linux and the versions mentioned above aren’t yet available through your distribution’s package manager, download the “deb” or “rpm” package from the Download center or build LibreOffice from source.

If you can’t update to the current version for whatever reason, you may permanently disable the macro capabilities in your office suite or avoid trusting any documents that include macros.

To enable macro security in LibreOffice, go to Tools → Options → LibreOffice → Security, and click on ‘Macro Security.’

You may choose from four different degrees of security in the new dialog, with High or Very High being the preferred selections.

You shouldn’t depend on the “trusted list” capability if you’re still running an outdated and vulnerable version, since an incorrect signature algorithm may still make a malicious document appear to come from a trusted source.
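The two checks above (patched version, macro security level) can be scripted for a fleet audit. This is an added example, not code from LibreOffice or the original article: the function names are hypothetical, the sample inputs are constructed, and it assumes the level is stored as `MacroSecurityLevel` (0 = Low to 3 = Very High) in the user profile's `registrymodifications.xcu`, with High as the default when no override is present.

```python
import re
import xml.etree.ElementTree as ET

OOR = "{http://openoffice.org/2001/registry}"
SCRIPTING_PATH = "/org.openoffice.Office.Common/Security/Scripting"
LEVELS = {0: "Low", 1: "Medium", 2: "High", 3: "Very High"}
DEFAULT_LEVEL = 2  # assumption: High applies when the profile has no override

# Constructed samples: `soffice --version` style output and a profile excerpt
# (on Linux typically ~/.config/libreoffice/4/user/registrymodifications.xcu).
SAMPLE_VERSION = "LibreOffice 7.0.4.2 00(Build:2)"
SAMPLE_XCU = """<oor:items xmlns:oor="http://openoffice.org/2001/registry">
<item oor:path="/org.openoffice.Office.Common/Security/Scripting">
<prop oor:name="MacroSecurityLevel" oor:op="fuse"><value>1</value></prop></item>
</oor:items>"""

def libreoffice_patched(version_text):
    """True for 7.0.5+ on the 7.0 branch, or 7.1.1 and later (per the article)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no version number found")
    v = tuple(int(x) for x in m.groups())
    return v >= (7, 1, 1) or (7, 0, 5) <= v < (7, 1, 0)

def macro_security_level(xcu_text):
    """Return the configured level, or the default if the profile never set it."""
    root = ET.fromstring(xcu_text)
    for item in root.iter("item"):
        if item.get(OOR + "path") != SCRIPTING_PATH:
            continue
        for prop in item.iter("prop"):
            if prop.get(OOR + "name") == "MacroSecurityLevel":
                return int(prop.findtext("value"))
    return DEFAULT_LEVEL

def audit(version_text, xcu_text):
    """Collect findings for one installation and one user profile."""
    findings = []
    if not libreoffice_patched(version_text):
        findings.append("vulnerable version: update; do not rely on the trusted list")
    level = macro_security_level(xcu_text)
    if level < 2:
        findings.append(f"macro security is {LEVELS[level]}: set High or Very High")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_VERSION, SAMPLE_XCU):
        print(finding)
```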

About the author

CIM Team
