A string of booby-trapped Microsoft Office files that plant malware in Apple Macs via rarely abused vulnerabilities have been detected in the wild.
The malicious documents were uncovered in a run of spam messages sent by pro-Chinese hackers to Tibetan activists, security tools biz AlienVault reports. It said the assault was much more sophisticated than the previous malware-based attacks against pro-Tibet sympathisers that it has tracked over recent weeks.
The vector used by the so-called MacControl Trojan in the latest phase of the attack is highly unusual, according to AlienVault.
“This is one of the few times we have ever seen a malicious Office file used to deliver malware on to the Apple Mac platform and which exploits a remote code execution vulnerability that exists in the way that Microsoft Word handles a specially crafted file that includes a malformed record.”
Source: The Register