Excel vulnerability puts Macs to risk

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Feb 25, 2009.

  1. macrumors bot



    Category: News and Press Releases
    Link: Excel vulnerability puts Macs to risk
    Description:: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. This vulnerability targets users of Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac.

    Posted on MacBytes.com
    Approved by Mudbug
  2. Guest

    Yeah right. I'm skeptical.
  3. macrumors G3


    Why? It says its a vunerability for all of excel, not just mac.
  4. macrumors regular

    Expect Microsoft to take about 10 times longer to patch the Mac versions than to patch the Windows versions.
  5. macrumors member

  6. macrumors 68030


    Reminds me of the old "macro virus" days... I seriously hope we don't have to go through that again. *shudder*

  7. macrumors 65816


    That's why people should switch to iWork if they are on a Mac...
  8. macrumors G4

    That's just it. The claim is all over the lot:
    • Excel 2000 [for Windows] is vulnerable.
    • Excel 2004 [for Mac] is vulnerable.
    • Excel 2008 [for Mac] is vulnerable.
    • There is some conceivable scenario by which an attack can be staged via the Web.
    Here is the thing: Excel 2004 and Excel 2008 do not share the same code base. What is more, the usual vector for Excel-based attacks is through its macro facility. Well, Excel 2008 does not have this facility--much to consternation of Excel:mac users. Excel 2007 has the macro facility, but it is not mentioned.

    Despite the fact that Excel 2000 is vulnerable, none of the other versions of Excel:win that share its code base or native format are mentioned. The headline is exclusively about the Mac. The text of the report is mostly about the Mac. This report was posted by an anonymous author on a security website that none of us ever heard of before. Forgive me for being a deep color of skeptical.
  9. macrumors G4

    Shame on MacBytes

    I don't like tandem posts, but this is important. The OP from MacBytes is a repost from Help Net Security, a site claiming to be devoted to security issues. That post is based on Microsoft Security Advisory (968272).

    Nowhere in Microsoft's Advisory does it mention the Mac or any Mac-version of Excel. The only version of the spreadsheet explicitly referenced in Excel 2000. All of the references to Mac versions of Excel were added by the anonymous poster on Help Net Security.
  10. macrumors regular


  11. macrumors 6502a


    So, in short you would have to download an infected excel file, and open it.

    But then again, who download excel files from Internet from suspicious websites?

    Call me back when a real threatening vulnerability happen.
  12. macrumors 6502

    :confused: great attitude.
  13. macrumors 6502a

    I use iWork mwhahhaha LOL :D
  14. macrumors G4

    What I am saying is that Microsoft does not say that Excel:mac is not OK. Jim Dalrymple in the MacWorld.com piece claims that Microsoft said "... Microsoft noted that Office 2004 and 2008 for Mac were both affect by the vulnerability." Well, again, Microsoft did not say that. You can read it for yourself.

    There is a herd mentality that pervades Internet journalism. One site posts something. Then every other site picks it up and reposts it or posts it as original without checking the underlying facts.
  15. macrumors 68030


    What are you on?? In the same article you referenced, under "Overview" there is a list of "Affected Software", and it clearly says "Microsoft Office 2004 for Mac", "Microsoft Office 2008 for Mac", and "Open XML File Format Converter for Mac"!


    Attached Files:

  16. macrumors G4

    My bad.

Share This Page