Latest LibreOffice Version Still vulnerable to Malware-Dropping DocumentsLibreOffice thought they’d fix a serious vulnerability to code execution, but it looks like there’s still a way to go. In the latest version of the office suite an independent reporter bypassed the fix so developers will have to work on a fix quickly. People are urged by the exclusion of vulnerable part to install LibreOffice. Recently, LibreOffice published 6.2.5 fixing two significant vulnerabilities (Cve-2019-9848 and Cve-2019-9849) allegedly plugging a code execution bug that could lead to malware exploitation after a specially crafted document has been opened. While the developers of the popular open-source office suite believed they had dodged the bullet but a security researcher named Alex Inführ came on Twitter and revealed that he had successfully bypassed the latest available and patched version of the Cve-2019-9848 fix in LibreOffice 6.2.5. The Cve-2019-9848 patch successfully bypassed in LibreOffice 6.2.5. It’s time to write a new email Clearly when fixing something involves solving a proven method of leveraging a bug, there may be other ways an attacker may achieve the same outcomes. Additionally, there is always the possibility of a patch introducing a new way of manipulating the plugged flaw. Mr. Inführ did not provide any information on how he managed to circumvent LibreOffice’s patch, as this would jeopardize the protection of over 200 million people currently using the open-source productivity package. Cve-2018-9848 concerns the LibreOffice programmable turtle vector graphics script that can obviously be tricked into arbitrary python commands being executed. The document event function can be exploited by an attacker to trigger LibreLogo and execute malicious code embedded in a specially designed document. The python commands are executed automatically from there and without the user getting any alerts or being asked for their permission. Accepting that even in the latest version the bug has not been resolved affects the present and all previous versions of the office suite. If so then what can people do about it? Before LibreOffice releases a new patch that fixes the bypassing method used by Inführ, we may install the suite excluding the part “LibreLogo.” By selecting “custom” installation, you can pick the components you want to install expand the “optional components” list and then click on the disk icon to unselect the “LibreLogo” part. If you have LibreOffice already installed on your computer, you can re-run the installer and select the “modify” option as shown below. .470-0471You’ll be able to tell your voice assistant to change the channel Philo will soon allow subscribers to turn the channel to Android Tv using voice control. This will be possible for everyone soon thanks to a new feature Google is rolling out to Android Tv. They’ve highlighted Android Tv during the latest Google I / O launch, and how it will make life easier for those who want to subscribe to all kinds of services like Philo. They’ve actually pointed out that Philo is one of the early adopters of this new feature they’ve been cooking for the ability to use voice control to change the channel and pull up more information. So if you’re asking your Android Tv to turn to Comedy Central, the app will do just that now instead of a search results page that needs even more effort from your side. You’ll now be able to ditionally sign up for a service to install the required software and log in to your account much easier as Google offers more integration options for publishers. Philo has had an Android Tv app since last December so it’s been enjoyed for a while by subscribers with such a computer. Reviews and interviews for more Tech news guides.
Author Jeanne Higgins