OFFICIAL SECURITY BLOG
Tech News News Favorites Adware Medic Tech Guides About Us
Mac Malware GuideAdware Removal GuideMac Performance Guide

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Beware opening RTF files in Office 2011

Published March 27th, 2014 at 3:06 PM EDT , modified March 27th, 2014 at 3:06 PM EDT

Earlier this week (while I was out of town, of course!), Microsoft announced a vulnerability in Office that would allow a maliciously-crafted RTF file to execute code automatically when opened. Office 2011 for Mac is listed as being vulnerable. There are already exploits using this bug to install malware on Windows, but it’s unclear on whether this might also affect the Mac. Probably not, if I had to guess, but just to be safe, disable opening of RTF files in Office 2011 for now.

Tags: ,

5 Comments

  • Melissa says:
    March 27, 2014 at 4:02 pm

    As always, thank you Thomas. How do you disable opening an RTF file in Office 2011? I do not see that option in Word’s Preferences pane, and Microsoft’s security articles only refer to Office for Windows systems.

    • Thomas says:
      March 27, 2014 at 4:52 pm

      LOL, I knew someone was going to ask that! Unfortunately, I don’t use Office, so I don’t know. And Microsoft’s documentation of how to handle this problem is utterly silent when it comes to the Mac:

      http://technet.microsoft.com/en-us/security/advisory/2953095

      Hopefully, another reader can provide the answer… if not, it would be wise to avoid opening RTF files in Office, and open them in something like TextEdit instead.

    • Al says:
      March 27, 2014 at 8:36 pm

      None of those of us that have researched that have found any way to do it from within MS Word. Normally the opening of an “.rtf” file would default to TextEdit, so most users will have no need to do anything. If, for some reason, you have changed those settings, then you will need to find an RTF file (ending in “.rtf”) on your hard drive, highlight it and select “Get Info” from the Finder’s File menu, about half way down the resulting dialog box you will see a section “Open with:”. If the disclosure triangle isn’t pointing down, click to reveal that section and if the popup menu shows “Microsoft Word” click on it and select something else (probably TextEdit). Now click on the “Change All…” button under that and the “Continue” button on the confirmation dialog that will come up. This last step would be a good idea even if it shows “TextEdit” just in case there are other documents that specify Word.

  • Melissa says:
    March 27, 2014 at 8:09 pm

    That’s what I figured. Disable Safari from automatically opening downloaded files and open any downloaded RTF files (Mail or Safari) using TextEdit or Pages.

  • bentkitty100 says:
    March 30, 2014 at 12:34 pm

    I can confirm that RTF files open in TextEdit by default. So assuming you don’t change that setting, you should be good to go. And if not, control-click or right-click the file and choose open with TextEdit

This post is more than 90 days old and has been locked. No further comments are allowed.