Security News > 2021 > October > LibreOffice, OpenOffice bug allows hackers to spoof signed docs
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source.
The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635.
Since neither of these two applications offer auto-updating, you should do it manually by downloading the latest version from the respective download centers - LibreOffice, OpenOffice.
If you're using Linux and the aforementioned versions aren't available on your distribution's package manager yet, you are advised to download the "Deb", or "Rpm" package from the Download center or build LibreOffice from source.
If updating to the latest version is not possible for any reason, you can always opt to completely disable the macro features on your office suite, or avoid trusting any documents containing macros.
To set macro security on LibreOffice, go to Tools Options LibreOffice Security, and click on 'Macro Security'.