Plus: A Canon ransomware hack, a nasty Twitter bug, and more of the week's top security news.
The now-patched vulnerability would have let hackers target Microsoft Office using Symbolic Link—a file type that hasn't been in common use in over 30 years.
Microsoft seems a bit hazy on what 'disable' actually meansA security hole in Office for Mac can be exploited by miscreants to potentially run malicious code on victims' shiny computers without anyone noticing.The CERT Coordination Center at Carnegie Melon University, on the US East Coast, warns the bug arises when folks activate the "disable all macros without notification" option in Office for Mac.This itself is a good security move, in that it's supposed to block code embedded in documents from running without first asking the user for approval.However, with this setting switched on, one type of macro, XLM, remains enabled, and will run without any notification when a document is opened, CERT has warned."If Office for the Mac has been configured to use the 'Disable all macros without notification' feature, XLM macros in SYLK files are executed without prompting the user," CERT explains.
Fresh code gives file systems a /var-sectomy – see inside for a manual fixOn Tuesday, Google halted deployment of a Chrome update that damaged the file system on some macOS computers and rendered them unable to boot up as normal.The issue affected enough Mac Pro workstations to warrant attention from Avid, a maker of professional audio and video applications.The company on Tuesday reassured customers that it was looking into the problem, and then said Google had accepted responsibility.Alerted to the snafu by a bug report, Google suspended its update process – the Chrome update application called Keystone – to fix the flaw."We recently discovered that a Chrome update may have shipped with a bug that damages the file system on macOS machines with System Integrity Protection (SIP) disabled, including machines that do not support SIP," the web giant said in a support post.
The United Arab Emirates (UAE) plans to grow food on Mars, and the aim is to raise tomatoes, lettuce, strawberries and date palms inside giant domes on the Red Planet.At the Dubai air show (12 to 16 November), the country first announced plans to send a probe to Mars with the help of Japan's space agency Jaxa by 2020.The idea is to begin colonisation of Mars through agriculture in partnership with Mitsubishi Heavy Industries, reports the BBC.The United Arab Emirates Space Agency (UAESA) was founded in 2014 and is currently developing the country's space industry.While it is yet to build a rocket or launch satellites into space, work on the "Hope" spacecraft has already started.According to the UAESA, its size and weight will be that of a small car.
Debate An argument about how to solve the same technical problem has sprung up between two rival startups with plenty of reason to say the other's tech is not up to scratch.But they raise some interesting issues about how to solve slow access to moved files, where to store metadata, and more.Komprise co-founder, president and COO Krishna Subramanian quickly responded with ripostes to infinite-io's assertions.IT admins hate having something look like it’s on storage, when it is not.Komprise eliminates both these issues by using dynamic links to create an open, standards-based cross-storage interface that is resilient to failures.We let existing companies (e.g.