Meanwhile, users must remain careful when interacting with digitally signed documents and shouldn’t trust the “trusted list” functionality. Given the bug’s severity, users must ensure updating their devices with the latest patched versions at the earliest. Hence, they have to manually download the latest versions of both tools to get the patches. While the patches are out, users might not receive the updates automatically. Consequently, they could fix the bug (recognized as CVE-2021–25635 for LibreOffice and CVE-2021–41832 for Apache OpenOffice) with the release of LibreOffice 7.0.5/7.1.1 and Apache OpenOffice 4.1.1. Following the bug reports, both LibreOffice and OpenOffice officials started working to address the glitch. Real-time exploitation of such a flaw could allow signing sensitive documents falsely without detection.
Then, the software would present it as a valid signature from a trusted party after failing to recognize the invalid algorithm. An adversary could spoof digital signatures in an ODF document via an invalid algorithm. This time, they found an improper certificate validation bug in both software.
Libreoffice openoffice allows hackers to spoof pdf#
The researchers from the same university have also detailed Shadow Attacks earlier this year that would allow meddling with the digitally signed PDF files. Specifically, the vulnerability first caught the attention of researchers from Network and Data Security (NDS) at the Ruhr-University Bochum.
LibreOffice, OpenOffice bug allows hackers to spoof signed docs. Nonetheless, the maintainers of both tools have patched the bug that triggered the security risk. The diversity and flexibility of our staff enables us to find the best solution for our. OpenOffice is a now-discontinued open-source office suite, and LibreOffice is an open-source fork of it. Specifically, the vulnerability existed in OpenOffice and LibreOffice simultaneously, allowing signature spoofing. Recently what happens, a severe vulnerability threatening the validity of digital signatures caught attention as the vendors addressed it.
0 kommentar(er)
