site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-05-25 Keynote 2.0.2 Keynote 2.0.2 is now available and delivers the following security improvement: CVE-ID: CAN-2005-1408 Impact: A maliciously modified Keynote presentation could be constructed to retrieve files from the local system Description: With a specially crafted Keynote presentation and the use of the "keynote:" URI handler, it is possible that local files could be read and then sent to an arbitrary network location. This issue has been addressed in two ways: references to external resources have been limited, and the registration of the "keynote:" URI handler has been removed. This issue does not affect Keynote versions prior to Keynote 2. Credit to David Remahl of www.remahl.se/david for reporting this issue. Keynote 2.0.2 is available at http://www.apple.com/iwork/keynote/download/ for Keynote versions 2 and 2.0.1 The download file is named: "Keynote2.0.2.dmg" Its SHA-1 digest is: 48e5befa0ef44b91fe3abd21a948e7ec4795a711 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQpU98IHaV5ucd/HdAQLaNAf/a5a9TIF28L3jD+KwAVvgS+e5R7omo7MJ jaw0evZ96Iui9pKUYOZx2x2fvpMsVOumJzNQ84MDuJlzUeDK5xWa+mfE+zt5x+Ml 5+/8XVrRRAMrYfF6/7xD4YhdC9C7boe3LPH//GlPkczDezAqCr4bxL6ogE8F8Sl3 jBVjBM1OLKFeDTTVyKlz6aUVUejqvBLKLAjXFbYQLT7d46K4q56ysjqX3OdQ4ZRD 0bP1hDkV4/yUqOlxrF/w2gHelvl56QV97lKMyDkueB+hYkN4Ge5pFqbaC8n1GNRN 0VXDlUzj8OUKTujvivLWz/5QZrWLgruwd6QvO3HioAru7etsMX+HSQ== =qRIm -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com