Security Update 2006-008 (PPC) - 1.5MB
Security Update 2006-008 is recommended for all users and improves the security of the following components:
- Quartz Composer
- QuickTime for Java
Security Update 2006-008 (Universal) - 1.8MB
Security Update 2006-008 is recommended for all users and improves the security of the following components:
- Quartz Composer
- QuickTime for Java
Details
QuickTime for Java, Quartz Composer
CVE-ID: CVE-2006-5681
Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Visiting a malicious web site may lead to information disclosure
Description: Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information. This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform. Credit to Geoff Beier for reporting this issue.

