[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(no subject)

Subject: (no subject)
From: Apple Product Security <email@hidden>
Date: Wed, 25 May 2005 20:13:30 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-05-25 Keynote 2.0.2

Keynote 2.0.2 is now available and delivers the following security
improvement:

CVE-ID:  CAN-2005-1408

Impact:  A maliciously modified Keynote presentation could be
constructed to retrieve files from the local system

Description:  With a specially crafted Keynote presentation and the
use of the "keynote:" URI handler, it is possible that local files
could be read and then sent to an arbitrary network location.  This
issue has been addressed in two ways:  references to external
resources have been limited, and the registration of the "keynote:"
URI handler has been removed.  This issue does not affect Keynote
versions prior to Keynote 2.  Credit to David Remahl of
www.remahl.se/david for reporting this issue.

Keynote 2.0.2 is available at
http://www.apple.com/iwork/keynote/download/
for Keynote versions 2 and 2.0.1

The download file is named:  "Keynote2.0.2.dmg"
Its SHA-1 digest is:  48e5befa0ef44b91fe3abd21a948e7ec4795a711

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQpU98IHaV5ucd/HdAQLaNAf/a5a9TIF28L3jD+KwAVvgS+e5R7omo7MJ
jaw0evZ96Iui9pKUYOZx2x2fvpMsVOumJzNQ84MDuJlzUeDK5xWa+mfE+zt5x+Ml
5+/8XVrRRAMrYfF6/7xD4YhdC9C7boe3LPH//GlPkczDezAqCr4bxL6ogE8F8Sl3
jBVjBM1OLKFeDTTVyKlz6aUVUejqvBLKLAjXFbYQLT7d46K4q56ysjqX3OdQ4ZRD
0bP1hDkV4/yUqOlxrF/w2gHelvl56QV97lKMyDkueB+hYkN4Ge5pFqbaC8n1GNRN
0VXDlUzj8OUKTujvivLWz/5QZrWLgruwd6QvO3HioAru7etsMX+HSQ==
=qRIm
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2005-05-19 Mac OS X v10.4.1
Next by Date: APPLE-SA-2005-05-31 QuickTime 7.0.1
Previous by thread: APPLE-SA-2005-05-19 Mac OS X v10.4.1
Next by thread: APPLE-SA-2005-05-31 QuickTime 7.0.1
Index(es):
- Date
- Thread

Home