“Microsoft issued a rare, out-of-cycle Windows patch on Tuesday that fixed one flaw, but attacks through other known, yet-to-be-plugged holes continue,” Joris Evers reports for CNET News.
“Microsoft on Wednesday warned of ‘limited zero-day attacks’ that exploit a new flaw in PowerPoint, Microsoft’s widely used presentation tool. For the attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker, Microsoft said in a security advisory,” Evers reports.
“‘This issue can allow remote attackers to execute arbitrary code on a vulnerable computer,’ Symantec said in an alert sent to customers. The flaw affects PowerPoint in Office 2000, Office XP and Office 2003 on Windows and Apple Computer’s Mac OS X, it said. Attacks appear to be aimed at specific targets, Symantec said,” Evers reports.
“For temporary protection against PowerPoint attacks, Microsoft suggests keeping security software up-to-date and not opening presentations files from untrusted sources,” Evers reports.
Full article here.
MacDailyNews Take: Mac users should try Apple’s Keynote instead. It’s better than PowerPoint, makes more interesting presentations that stand out above the ubiquitous PowerPoint dreck, and it’s safer. Avoid Microsoft products whenever possible and you’ll enjoy your Mac even more.
Related article:
Mac users should not buy Microsoft software (or hardware) – May 16, 2003
No MS crap on my Mac anyway
Lovely, not only do Microsoft expose users of their own OS via their software, they expose people using other OS’s as well.
Tsk. Tsk.
As if there weren’t enough reasons to use Keynote already…
hmmm….
I’d like to know how the security flaw in MS Powerpoint actually works on an OS X Mac and whether it *really allows a remote attacker to compromise said machine.
The inclusion of Apple Mac OS X in the “this affects….” list seems fishy to me.
Will using Keynote protect you? The article says that opening emailed PowerPoint slides from others is the vulnerability. I doubt Keynote is able to open all types of PowerPoint slides w/100% compatibility, so if I were to purchase Keynote, wouldn’t I still need to keep PowerPoint around to open some files properly?
I’m with 7over, I’m skeptical about this report. Wouldn’t OS X protect you by requiring an admin password if you open a virus? Let’s remember that this is not a credible source–it’s Symantec.
There are millions of Powerpoint presentations flying round the world, often just full of ridiculous pictures.
I predict this is going to do some serious damage.
MS Class Action yet anyone?
So for Mac OS X users, is this powerless or pointless or both?
I’m not exactly trusting Sementec these days.
Keynote, PowerPoint, bleh.
I use InDesign, Illustrator, Photoshop, and Acrobat to make presentations.
The execution of “arbitrary” code on an OSX machine through a PowerPoint exploit sounds sensationalistically “arbitrary”.
WTF??
I like the last line of the NewsTake. Keep MS crap off your Mac. If you are apoplectic about losing Word, try Mellel.
Keynote rulez!
Haven’t used PP in over a year. Keynote is universal binary. I’ll look at PowerPoint again when they’ve gotten their act together.
MW “act”, I swear I did not see the MW before I typed the post. Eerie!
They never said WHAT damage it does to a Mac if you get one of these PowerPoint documents sent to you. My guess is nothing?
Sementec, that must be one of you most brilliant momets on that forum, Ampar.
Thanks for that one!
Heh if I ran a company I’d BAN PowerPoint. Using it would be a terminable offense.
Fortunately I don’t have to suffer through many PP presentations, but I had to the other day & it was a doozie. The presenter was glowing proud, pointing out all his stupid little pictures and special effects. The content itself absolutely stunk; it was a disorganized clueless mess, and he spent 45 minutes telling his audience nothing.
No wonder PP is known for dumbing down companies and getting people killed.
Apple, how about a “think it through” Keynote feature, to help people actually put content in their presentations?
When is someone going to charge Microsoft with negligence? If I conducted my professional affairs in the manner Microsoft does business i would lose my license and be unemployable.
Due diligence
From Wikipedia, the free encyclopedia
Due diligence (also known as due care) is the effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Failure to make this effort is considered negligence. Quite often a contract will specify that a party is required to provide due diligence.
Off the subject, but I can’t resist commenting that Microsoft Word is the only word processor I have ever used that requires the user to read the manual in order to do even the simplest thing. What a bloated piece of you-know-what!
Would love to drop the whole MS suite, unfortunately I work in the real world. Would loe to see Keynote cross platform, it might encourage more to look at Apple, like iTunes has.
What actually will this do to my machine?
I’m with the skeptics. I don’t doubt for a second that the Office for Mac apps have vulnerabilities, but could anyone actually do anything to OS X by taking advantage of them? I’d truly be surprised if they could. Anyone with knowledge of this kind of thing have an opinion?
“What actually will this do to my machine?”
It forces you to use really bad clip art, illegible fonts, and nauseating transitions and text animations. But don’t worry. Most PC users expect those things anyway.
MW: figure, as in go.
Ampar is spot on!
I have yet to see ANY PowerPoint slide that looks remotely professional.
I doubt Mac OS X is truly vulnerable. The vulnerability is there in the Mac version of PowerPoint, I’m sure, but the hackers would still have to craft a payload specifically to attack Mac OS X. And we all know how difficult that is.
(For one thing, this “arbitrary code” would likely run without escalated privileges, so there would be very little damage it could do.)
Quite often a contract will specify that a party is required to provide due diligence.
IIRC, Microsoft’s EULA specifies that they aren’t responsible for anything. How nice. Not to mention the license is just that: you pay a fee for the privilege of using MS’s wonderful wares.
Imagine an auto maker that operated like that. One that took no accountability for their product, was free from warranty and lemon laws, and where the product price was merely rent. Oh, and one that maintained 90% market share with taped-together clunkers.
Crazy how the world works…