Der Spiegel (spiegel.de) reports how a recent Mac hack shows how easily the Office package on a Mac can be attacked and thus also endangers companies - even if Office runs more under Windows there.
Mac hacker Patrick Wardle has now presented his experiment in the virtual edition of the Black Hat IT security conference, which normally takes place every summer in Las Vegas. His attack on the Mac is actually a classic Windows hack - namely, the spread of malware via prepared office macros.
The hack Wardle shows the black hat audience does not trigger a macro warning. He escapes the sandbox and opens a back door to his victim's Mac for the attacker, without the lack of authentication of the actual malware slowing him down. A click of the victim on a document prepared by Wardle enables the installation and execution of any malware on a Mac.
Wardle first made use of an ancient file format called SYLK, which Microsoft Excel supports to this day. He put his malicious macro in such a SYLK file, written in an also outdated but still accepted file format called XLM.
More on this in the Netzwelt at Spiegel.de