Apple details iWork 9.1 security fixes
Five days after it was released, Apple has provided details of the security related changes in iWork 9.1, also referred to as "iWork Update 6". As well as adding support for Mac OS X 10.7 Lion, the latest update to the iWork 09 office suite – comprising Pages (documents), Numbers (spreadsheets) and Keynote (presentations) – addresses a total of three security holes.
According to Apple, buffer overflow and memory corruption issues in Numbers could be used by an attacker to crash the application or execute arbitrary code. A memory corruption bug in Pages when handling Microsoft Word documents that could lead to arbitrary code execution has also been fixed. For an attack to be successful, a victim must first open a specially crafted malicious Excel or Word file.
Two of the vulnerabilities were reported by Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative, and Tobias Klein who worked with VeriSign iDefense Labs. Versions 9.0 to 9.05 are affected. All users are advised to upgrade to the latest version.
iWork 9.1 requires Mac OS X 10.6.6 or later, and is available to download from Apple's support downloads page. Alternatively, Mac OS X users can upgrade to the latest release via the built-in Software Update function. Users who originally purchased Keynote, Pages or Numbers from the Mac App Store can install the latest update from the "Updates" tab in the Mac App Store.
- iWork: Security features in the iWork 9.1 Update, security advisory from Apple.