"Hackers Can Fake Signed Documents Because of a Flaw in LibreOffice and OpenOffice"
OpenOffice and LibreOffice have pushed updates to address a vulnerability that could allow an attacker to spoof signed documents. The vulnerability is classified as mild in severity, but its exploitation could lead to severe consequences. The digital signatures used in document macros are supposed to help the user verify that the document has not been altered and can be trusted. The method of enabling anyone to sign macro-infested papers and make them appear trustworthy is effective at tricking unsuspecting users into running malicious code. The flaw, which is tracked as CVE-2021-41832 for OpenOffice, was discovered by four researchers at the Ruhr University Bochum. The same flaw is tracked as CVE-2021-25635 for LibreOffice, a branch of OpenOffice created more than a decade ago from the main project. This article continues to discuss the security flaw discovered in OpenOffice and LibreOffice that hackers can exploit to fake signed documents as well as the updates released to address it.