Macs vulnerable through hole in IE, Office

A flaw that when exploited could allow an attacker to take control of a user’s system exists in Microsoft Corp.’s Internet Explorer and Office for the Mac, Microsoft warned late Tuesday.

The Redmond, Wash., software giant released a cumulative patch that fixes all vulnerabilities affecting Internet Explorer 5.1 for Macintosh and Office v. X previously identified by Microsoft, plus two new vulnerabilities. Microsoft in a security bulletin urged all customers running the Internet Explorer Web browser and Office for Macintosh to apply the “critical” patches.

The most serious of the two new vulnerabilities is a buffer overrun flaw that affects both Internet Explorer and Office for the Mac. An attacker could run arbitrary code on a user’s Mac by creating a specially formed Web page. The user would have to visit that page, view it as e-mail in Outlook or Entourage, or open a Mac Office file with the page for an attack to be carried out, Microsoft said. Entourage is the e-mail client and personal information management program included with Office v. X.

The second newly patched vulnerability allows an attacker to run AppleScript on a user’s machine, without first launching the Helper application. This flaw affects Internet Explorer for Mac OS 8 and 9 only, Microsoft said. An attacker could craft a Web page that would, for example, shut down a vulnerable Mac if its user were to visit the page containing the malicious code.

AppleScript is a system-level scripting level used to automate common tasks, such as shutting down the computer or closing windows. An attacker can only run AppleScripts already on the system, there is no way for an attacker to deliver a script of choice through this vulnerability, Microsoft said.

Microsoft’s security bulletin MS02-019 can be found online at: http://www.microsoft.com/technet/security/bulletin/MS02-019.asp

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now