March 29, 2012 at 12:18 PM ET
Uh oh! Mac users who occasionally dip their toes into the sea of Microsoft products are at risk of becoming the victims of targeted security attacks, thanks to a security hole in Microsoft Office for Mac.
Dennis Fisher of the Kaspersky Lab Security News Service reports that researchers recently discovered a new security attack which relies on "two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines." These attacks are specifically targeting Mac users, he explains.
(Msnbc.com is a joint venture of Microsoft and NBC Universal.)
Despite the attack method being rather new, it actually relies on a three-year-old vulnerability in the way Microsoft Office for Mac deals with certain types of Microsoft Word Files. According to Jaime Blasco of AlienVault Labs, an attacker needs to send a "specially crafted Word file" to a user and have some patience. Once that individual opens the malicious file, the attacker could take complete control of his or her system:
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
As usual, extreme vigilance is the best way to avoid becoming a victim to a security attack such as this one. Be careful when opening files you've received. Are they from individuals you trust? Are they files you've been expecting? Use common sense and don't immediately peek at every random file.
Updated at 8:15 pm ET: Yunsun Wee, director of Microsoft Trustworthy Computing, said the company released a security update in 2009 "to address an issue affecting Microsoft Office for Mac, and we encourage customers to apply this update to ensure that they are fully protected."
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.