Tech Gaming Report

Latest Tech & Gaming News

Update Now: LibreOffice fixes a critical macro issue

Update Now: LibreOffice fixes a critical macro issue

With a concise security notice LibreOffice warns about a security issue: LibreOffice can execute arbitrary commands as soon as you open an ODT file. No more questions or yellow bars with warnings that you would have to click. Boom!

When you think of macros, you really think of Microsoft Office, where cybercriminals have been using its capabilities for years to infect systems on a large scale. But LibreOffice also masters macros. And if you cleverly embed it in an HTML element, LibreOffice will launch it right on startup without any further prompts or warnings. is enough for that apparentlySomething like

<iframe src='macro:Shell("whatever")'></iframe>

write to file for whatever run. In Heise Security tests, this worked on a Mac; Windows and Linux versions are also likely to be affected by this issue (CVE-2022-3140) (although the advisory is silent on OS versions). Only LibreOffice versions 7.3.6 and 7.4.1 introduce additional checks and display a warning about macros instead. LibreOffice users should update their installation as soon as possible.


(Yes)

to the home page