EDGE 2015 is starting in

Find out more EDGE 2015
Menu
Is the Chinese Government exploiting a hole in Office for Mac?

Is the Chinese Government exploiting a hole in Office for Mac?

Chinese authorities may be exploiting a security hole in Microsoft Office for Mac to target the Uyghur people

According to Kaspersky and AlienVault Labs, Chinese authorities may be exploiting a security hole in Microsoft Office for Mac to target the Uyghur people, an ethnic group of people who live in parts of Asia and are seeking independence from Chinese rule.

The targeted attacks exploit an old Office for Mac vulnerability (CVE-2009-0563) that was actually fixed over three years ago.

Kaspersky says it has noticed a "significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment."

Phishing emails have been sent to the Uyghur community that include Microsoft Word documents, which once open, activate a Mac OS X backdoor that "would initiate a connection with the server, and its "tshd_put_file" function was configured to drop stolen data in the "/downloads/" directory located there", writes Kaspersky.

The hackers are able to remotely control the computer and spy on its user's activities.

One of the corrupt files details the "Concerns over Uyghur People's Fundamental Rights Under the New Chinese Leadership". The documents can be identified by the author name: "Captain".

Similar attacks have been reported against other ethnic groups, including the Tibetan people and Uighur activists.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter

Related:

Mac backdoor used in attacks against Uighur activists

The worst security exploits, fails and blunders: 2012 in review

Security expert claims Apple will lose out to 'open, sexy, flexible' competitors

Kaspersky Security for Mac review

Mountain Lion and Gatekeeper: What you need to know

Flashback the wake up call Apple needed: Kaspersky

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags MacapplicationsMicrosoftsecuritysoftwareOffice suitesExploits / vulnerabilities

Upcoming

Slideshows

In Pictures: 7 things we hate about Twitter

In Pictures: 7 things we hate about Twitter

You probably either love Twitter for its quirkiness and brevity or see it as a pointless waste of time. After nearly a decade on the social scene, Twitter still needs to improve its user experience and fill in notable gaps in the service. These seven problems are long overdue for a fix.

In Pictures: 7 things we hate about Twitter
IN PICTURES: EDGE 2015 - Sponsor Briefing

IN PICTURES: EDGE 2015 - Sponsor Briefing

With EDGE 2015 rapidly approaching, ARN and Reseller News NZ held a Sponsors Briefing where ARN publisher and president, Susan Searle, and Events Manager, Alexandra West, ran through the considerable logistics in detail. Attendees then enjoyed some splendid canapes and drinks. EDGE is designed to bring the A/NZ channel together in a collaborative and educational environment. Themed around channel channel leadership, EDGE will be held at the Sheraton Mirage, Port Douglas, July 20-23. Photos by MIKE GEE.

IN PICTURES: EDGE 2015 - Sponsor Briefing
In Pictures: Robots that cook, clean, sing and dance

In Pictures: Robots that cook, clean, sing and dance

Cooking, learning language and doing the laundry are a few of the human skills demonstrated by.real humanoid bots featured in the National Geographic movie Robots.

In Pictures: Robots that cook, clean, sing and dance

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments