Security News > 2022 > July > LibreOffice addresses security issues with macros, passwords
The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections.
LibreOffice features a check to determine if a macro was created and signed by someone the user trusts so it wouldn't execute the macro code in case of a mismatch.
"An adversary could create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in macros improperly trusted," explains the advisory.
LibreOffice offers security options for macros, ranging from "Low" to "Very high", which activate different sets of execution policies depending on the level of trust the user is comfortable accepting.
The medium security level displays a dialog asking the user to approve the execution of macros.
To check your macro security settings, navigate to Tools Options LibreOffice Security, click on "Macro Security", and set the level to "Very high".