• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
(no subject)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(no subject)

  • Subject: (no subject)
  • From: Apple Product Security <email@hidden>
  • Date: Wed, 25 May 2005 20:13:30 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-05-25 Keynote 2.0.2

Keynote 2.0.2 is now available and delivers the following security
improvement:

CVE-ID:  CAN-2005-1408

Impact:  A maliciously modified Keynote presentation could be
constructed to retrieve files from the local system

Description:  With a specially crafted Keynote presentation and the
use of the "keynote:" URI handler, it is possible that local files
could be read and then sent to an arbitrary network location.  This
issue has been addressed in two ways:  references to external
resources have been limited, and the registration of the "keynote:"
URI handler has been removed.  This issue does not affect Keynote
versions prior to Keynote 2.  Credit to David Remahl of
www.remahl.se/david for reporting this issue.

Keynote 2.0.2 is available at
http://www.apple.com/iwork/keynote/download/
for Keynote versions 2 and 2.0.1

The download file is named:  "Keynote2.0.2.dmg"
Its SHA-1 digest is:  48e5befa0ef44b91fe3abd21a948e7ec4795a711

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQpU98IHaV5ucd/HdAQLaNAf/a5a9TIF28L3jD+KwAVvgS+e5R7omo7MJ
jaw0evZ96Iui9pKUYOZx2x2fvpMsVOumJzNQ84MDuJlzUeDK5xWa+mfE+zt5x+Ml
5+/8XVrRRAMrYfF6/7xD4YhdC9C7boe3LPH//GlPkczDezAqCr4bxL6ogE8F8Sl3
jBVjBM1OLKFeDTTVyKlz6aUVUejqvBLKLAjXFbYQLT7d46K4q56ysjqX3OdQ4ZRD
0bP1hDkV4/yUqOlxrF/w2gHelvl56QV97lKMyDkueB+hYkN4Ge5pFqbaC8n1GNRN
0VXDlUzj8OUKTujvivLWz/5QZrWLgruwd6QvO3HioAru7etsMX+HSQ==
=qRIm
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
APPLE-SA-2005-05-19 Mac OS X v10.4.1

    • 

  • Next by Date:
APPLE-SA-2005-05-31 QuickTime 7.0.1

    • 

  • Previous by thread:
APPLE-SA-2005-05-19 Mac OS X v10.4.1

    • 

  • Next by thread:
APPLE-SA-2005-05-31 QuickTime 7.0.1

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •