Author Topic: Security Update for QuickTime in OS X  (Read 1892 times)

0 Members and 1 Guest are viewing this topic.

Offline .: Mac :.

  • Avast √úberevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Security Update for QuickTime in OS X
« on: December 20, 2006, 12:09:23 AM »


      QuickTime for Java, Quartz Composer

      CVE-ID: CVE-2006-5681

      Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8

      Impact: Visiting a malicious web site may lead to information disclosure

      Description: Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information. This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform.[/i] Credit to Geoff Beier for reporting this issue.
« Last Edit: December 20, 2006, 12:11:36 AM by .: Mac :. »
"People who are really serious about software should make their own hardware." - Alan Kay