updated 03:30 pm EDT, Mon July 25, 2011
New apps cope with Word, Excel vulnerabilities
Several days after the release of iWork 9.1, Apple has at last published a list of security fixes in its productivity suite. Only three have been made, all revolving around files from Microsoft Office. Two of the closed vulnerabilities are attached to Excel files; prior to the v9.1 update, it was possible to code Excel files to trigger certain buffer overflows or memory corruptions in Numbers, in turn creating crashes or allowing system hijacks.
The third fix prevents a Pages exploit using a Word document. A malicious Word document could, as with the Excel files, be used to cause crashes or launch code. iWork 9.1 is available either via Software Update or Apple's support site.