Excel vulnerability puts Macs to risk

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Feb 25, 2009.

  1. macrumors bot

    Joined:
    Jul 5, 2003
    #1

    [​IMG]

    Category: News and Press Releases
    Link: Excel vulnerability puts Macs to risk
    Description:: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. This vulnerability targets users of Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac.

    Posted on MacBytes.com
    Approved by Mudbug
     
  2. Guest

    Joined:
    Mar 13, 2008
    #2
    Yeah right. I'm skeptical.
     
  3. macrumors G3

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #3
    Why? It says its a vunerability for all of excel, not just mac.
     
  4. macrumors regular

    Joined:
    Jul 28, 2007
    Location:
    Montreal, Quebec, Canada
    #4
    Expect Microsoft to take about 10 times longer to patch the Mac versions than to patch the Windows versions.
     
  5. macrumors member

    Joined:
    Oct 16, 2008
    #5
    Yup
     
  6. macrumors 68030

    irmongoose

    Joined:
    Dec 3, 2001
    Location:
    Sometimes Tokyo, sometimes California
    #6
    Reminds me of the old "macro virus" days... I seriously hope we don't have to go through that again. *shudder*



    irmongoose
     
  7. macrumors 65816

    alexbates

    Joined:
    Nov 24, 2008
    Location:
    Georgia, USA
    #7
    That's why people should switch to iWork if they are on a Mac...
     
  8. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #8
    That's just it. The claim is all over the lot:
    • Excel 2000 [for Windows] is vulnerable.
    • Excel 2004 [for Mac] is vulnerable.
    • Excel 2008 [for Mac] is vulnerable.
    • There is some conceivable scenario by which an attack can be staged via the Web.
    Here is the thing: Excel 2004 and Excel 2008 do not share the same code base. What is more, the usual vector for Excel-based attacks is through its macro facility. Well, Excel 2008 does not have this facility--much to consternation of Excel:mac users. Excel 2007 has the macro facility, but it is not mentioned.

    Despite the fact that Excel 2000 is vulnerable, none of the other versions of Excel:win that share its code base or native format are mentioned. The headline is exclusively about the Mac. The text of the report is mostly about the Mac. This report was posted by an anonymous author on a security website that none of us ever heard of before. Forgive me for being a deep color of skeptical.
     
  9. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #9
    Shame on MacBytes

    I don't like tandem posts, but this is important. The OP from MacBytes is a repost from Help Net Security, a site claiming to be devoted to security issues. That post is based on Microsoft Security Advisory (968272).

    Nowhere in Microsoft's Advisory does it mention the Mac or any Mac-version of Excel. The only version of the spreadsheet explicitly referenced in Excel 2000. All of the references to Mac versions of Excel were added by the anonymous poster on Help Net Security.
     
  10. macrumors regular

    rfruth

    Joined:
    Feb 5, 2007
    Location:
    Texas
    #10
  11. macrumors 6502a

    PeterQC

    Joined:
    Jun 30, 2008
    #11
    So, in short you would have to download an infected excel file, and open it.

    But then again, who download excel files from Internet from suspicious websites?

    Call me back when a real threatening vulnerability happen.
     
  12. macrumors 6502

    Joined:
    Oct 12, 2008
    #12
    :confused: great attitude.
     
  13. macrumors 6502a

    Joined:
    Jan 2, 2009
    #13
    I use iWork mwhahhaha LOL :D
     
  14. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #14
    What I am saying is that Microsoft does not say that Excel:mac is not OK. Jim Dalrymple in the MacWorld.com piece claims that Microsoft said "... Microsoft noted that Office 2004 and 2008 for Mac were both affect by the vulnerability." Well, again, Microsoft did not say that. You can read it for yourself.

    There is a herd mentality that pervades Internet journalism. One site posts something. Then every other site picks it up and reposts it or posts it as original without checking the underlying facts.
     
  15. macrumors 68030

    irmongoose

    Joined:
    Dec 3, 2001
    Location:
    Sometimes Tokyo, sometimes California
    #15
    What are you on?? In the same article you referenced, under "Overview" there is a list of "Affected Software", and it clearly says "Microsoft Office 2004 for Mac", "Microsoft Office 2008 for Mac", and "Open XML File Format Converter for Mac"!


    irmongoose
     

    Attached Files:

  16. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #16
    My bad.
     

Share This Page