
Beware opening RTF files in Office 2011

Published March 27th, 2014 at 3:06 PM EDT, modified March 27th, 2014 at 3:06 PM EDT

Earlier this week (while I was out of town, of course!), Microsoft announced a vulnerability in Office that would allow a maliciously crafted RTF file to execute code automatically when opened. Office 2011 for Mac is listed as being vulnerable. There are already exploits using this bug to install malware on Windows, but it’s unclear whether this might also affect the Mac. Probably not, if I had to guess, but just to be safe, disable opening of RTF files in Office 2011 for now.


5 Comments

  • Melissa says:

    As always, thank you Thomas. How do you disable opening an RTF file in Office 2011? I do not see that option in Word’s Preferences pane, and Microsoft’s security articles only refer to Office for Windows systems.

    • Thomas says:

      LOL, I knew someone was going to ask that! Unfortunately, I don’t use Office, so I don’t know. And Microsoft’s documentation of how to handle this problem is utterly silent when it comes to the Mac:

      http://technet.microsoft.com/en-us/security/advisory/2953095

      Hopefully, another reader can provide the answer… if not, it would be wise to avoid opening RTF files in Office, and open them in something like TextEdit instead.

    • Al says:

      None of those of us that have researched that have found any way to do it from within MS Word. Normally the opening of an “.rtf” file would default to TextEdit, so most users will have no need to do anything. If, for some reason, you have changed those settings, then you will need to find an RTF file (ending in “.rtf”) on your hard drive, highlight it and select “Get Info” from the Finder’s File menu. About halfway down the resulting dialog box you will see a section “Open with:”. If the disclosure triangle isn’t pointing down, click to reveal that section, and if the popup menu shows “Microsoft Word”, click on it and select something else (probably TextEdit). Now click on the “Change All…” button under that and the “Continue” button on the confirmation dialog that will come up. This last step would be a good idea even if it shows “TextEdit”, just in case there are other documents that specify Word.

  • Melissa says:

    That’s what I figured. Disable Safari from automatically opening downloaded files and open any downloaded RTF files (Mail or Safari) using TextEdit or Pages.

  • bentkitty100 says:

    I can confirm that RTF files open in TextEdit by default. So assuming you don’t change that setting, you should be good to go. And if not, control-click or right-click the file and choose open with TextEdit.
