The LibreOffice and OpenOffice office suite development teams have released updates that address a vulnerability that could allow an attacker to manipulate documents to appear signed by a trusted source. Although the severity of the error is classified as moderate, its consequences can be significant.
Digital signatures on macros are intended to help the user verify that the document has not been altered and can therefore be trusted. Being able to sign documents containing macros so that they give the impression of being trustworthy is an effective way to deceive a user and get them to run malicious code.
Error in office packages
Four security experts (Simon Rohlmann, Vladislav Mladenov, Christian Mainka and Jorg Schwenk) from the University of Ruhr in Bochum took part in discovering the bug, which is registered for the OpenOffice office suite as CVE-2021-41832. The same bug affects the LibreOffice office suite, an offshoot of OpenOffice that originated from a major project more than a decade ago. For that project it is registered as CVE-2021-25635.
“An attacker can manipulate documents so that they appear to be signed by a trusted source. All versions of the Apache OpenOffice office suite up to version 4.1.10 are affected,” the advisory accompanying this bug states.
The vulnerabilities are caused by incorrect signature verification. There are basically two ways to get a manipulated document with malicious code to a user: get them to visit a specially crafted website and download a malicious file, or get them to open an attachment in an e-mail message.
Feel free to update
If you are using one of the open source office suites, we recommend that you update immediately to the latest available version. For OpenOffice that is version 4.1.11 or later, and for LibreOffice version 7.2.1 or later. Because neither application offers automatic updates, you must update manually by downloading the latest version from the appropriate pages.
If for some reason it is not possible to upgrade to the latest version, you can turn off the macro function completely or avoid trusting documents that contain macros. The good news, at least in part, is that this security vulnerability is not currently being actively exploited in attacks.