Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2005 > Apple Security Advisory: APPLE-SA-2005-05-25 - Keynote 2.0.2

May 2005

Apple Security Advisory: APPLE-SA-2005-05-25 - Keynote 2.0.2

ID: 00441
Ref: 408/2005
Date: 26 May 2005:15:46:48
Version: 1
Title: Apple Security Advisory: APPLE-SA-2005-05-25 - Keynote 2.0.2
Abstract:
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple
Title
=====

Apple Security Advisory: APPLE-SA-2005-05-25 - Keynote 2.0.2

Detail
======

With a specially crafted Keynote presentation and the
use of the "keynote:" URI handler, it is possible that local files
could be read and then sent to an arbitrary network location. This
issue has been addressed in two ways: references to external
resources have been limited, and the registration of the "keynote:"
URI handler has been removed. This issue does not affect Keynote
versions prior to Keynote 2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-05-25 Keynote 2.0.2

Keynote 2.0.2 is now available and delivers the following security
improvement:

CVE-ID: CAN-2005-1408

Impact: A maliciously modified Keynote presentation could be
constructed to retrieve files from the local system

Description: With a specially crafted Keynote presentation and the
use of the "keynote:" URI handler, it is possible that local files
could be read and then sent to an arbitrary network location. This
issue has been addressed in two ways: references to external
resources have been limited, and the registration of the "keynote:"
URI handler has been removed. This issue does not affect Keynote
versions prior to Keynote 2. Credit to David Remahl of
www.remahl.se/david for reporting this issue.

Keynote 2.0.2 is available at
http://www.apple.com/iwork/keynote/download/
for Keynote versions 2 and 2.0.1

The download file is named: "Keynote2.0.2.dmg"
Its SHA-1 digest is: 48e5befa0ef44b91fe3abd21a948e7ec4795a711

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQpU98IHaV5ucd/HdAQLaNAf/a5a9TIF28L3jD+KwAVvgS+e5R7omo7MJ
jaw0evZ96Iui9pKUYOZx2x2fvpMsVOumJzNQ84MDuJlzUeDK5xWa+mfE+zt5x+Ml
5+/8XVrRRAMrYfF6/7xD4YhdC9C7boe3LPH//GlPkczDezAqCr4bxL6ogE8F8Sl3
jBVjBM1OLKFeDTTVyKlz6aUVUejqvBLKLAjXFbYQLT7d46K4q56ysjqX3OdQ4ZRD
0bP1hDkV4/yUqOlxrF/w2gHelvl56QV97lKMyDkueB+hYkN4Ge5pFqbaC8n1GNRN
0VXDlUzj8OUKTujvivLWz/5QZrWLgruwd6QvO3HioAru7etsMX+HSQ==
=qRIm
- -----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/uniras-adv%40niscc.gov.uk

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |