Author Topic: iSight Security Hole plugged  (Read 5050 times)

Offline gunug

  • TS Addict
  • *****
  • Posts: 6660
  • TS πάλινδρóμος
    • View Profile
iSight Security Hole plugged
« on: December 20, 2006, 09:39:01 AM »
Scary if you have an iSight and surf in the buff:

http://docs.info.apple.com/article.html?artnum=304916

I didn't login to see this but in case you have to:

QUOTE
Security Update 2006-008

    *

      QuickTime for Java, Quartz Composer

      CVE-ID: CVE-2006-5681

      Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8

      Impact: Visiting a malicious web site may lead to information disclosure

      Description: Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information. This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform. Credit to Geoff Beier for reporting this issue.
« Last Edit: December 20, 2006, 09:40:53 AM by gunug »
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline tacit

  • TS Addict
  • *****
  • Posts: 1629
    • View Profile
    • http://www.xeromag.com/
iSight Security Hole plugged
« Reply #1 on: December 20, 2006, 04:13:53 PM »
Only scary if you have an iSight, surf in the buff, AND have the iSight turned on and displaying inside a window. A malicious Java applet can't actually activate the iSight if it is not already on. smile.gif

Basically, in English, this security vulnerability means that it could, in theory, be possible for a Java programmer to write a Java applet that will show him whatever is in any QuickTime window you happen to have open on your computer at the same time as you are running the Java applet. As security holes go, it's rather...farfetched.

(I remember one Apple security bug that was kind of interesting: if you had a network of Macs, *and* the Macs were all configured to get their list of users from a central LDAP server, *and* you had a BootP server on the same network, *and* an attacker could sit down in front of the BootP server and take control of it, *and* the attacker reconfigured the BootP server to send out corrupt BootP information, *and* someone using one of the Macs on the network restarted his computer, then the attacker could get the root password for that Mac. Talk about farfetched scenarios...but Apple fixed it anyway.)
A whole lot about me: www.xeromag.com/franklin.html

Offline ()

  • TS Addict
  • *****
  • Posts: 1102
    • View Profile
    • http://
iSight Security Hole plugged
« Reply #2 on: December 20, 2006, 11:32:40 PM »
I put a piece of paper and tape over my eyesite cam on my iMac intelcore.

I really don't think people should be allowed to watch you through your iSight cam unless you give permission and connect directly to someone on the net.

Offline Gregg

  • TS Addict
  • *****
  • Posts: 11749
    • View Profile
    • http://
iSight Security Hole plugged
« Reply #3 on: December 21, 2006, 07:51:20 AM »
My eysight ain't what it used to be, so I'm not too concerned...

See what I mean?
« Last Edit: December 21, 2006, 07:52:02 AM by Gregg »
Ya gotta applaud those bunnies for sacrificing their hearing just so some guy in Cupertino can have better TV reception.

Offline tacit

  • TS Addict
  • *****
  • Posts: 1629
    • View Profile
    • http://www.xeromag.com/
iSight Security Hole plugged
« Reply #4 on: December 21, 2006, 06:51:30 PM »
QUOTE(Nutterbutter @ Dec 21 2006, 05:32 AM) <{POST_SNAPBACK}>
I put a piece of paper and tape over my eyesite cam on my iMac intelcore.

I really don't think people should be allowed to watch you through your iSight cam unless you give permission and connect directly to someone on the net.


People can't. Breathless hype aside, this security vulnerability does not mean that another person can take over and activate your iSight without your knowledge.

Also, the little green light next to the iSight will always be on if the iSight is on; if that light is off, the iSight is not even getting power. So you can relax. smile.gif
A whole lot about me: www.xeromag.com/franklin.html

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 25521
  • 27" iMac (mid-17), Mac mini, both 10.14.6
    • View Profile
    • Mid-South Weather
iSight Security Hole plugged
« Reply #5 on: December 21, 2006, 08:09:28 PM »
QUOTE("tacit")
...the little green light next to the iSight will always be on if the iSight is on; if that light is off, the iSight is not even getting power...
Sure! That's easy for you to say/write! But how do the rest of us know that the little green light is not the real camera?! So covering up what looks like the lens won't help, anyway! It's all a conspiracy! They are out to spy on us! And now Apple is helping them! What next! Apple will force us to put all our applications in a single directory? Paranoid.gif rant.gif harhar.gif
I don’t like the fact that my chances of survival seem to be linked to the common sense of others. :Thinking:

Offline gunug

  • TS Addict
  • *****
  • Posts: 6660
  • TS πάλινδρóμος
    • View Profile
iSight Security Hole plugged
« Reply #6 on: December 21, 2006, 08:56:12 PM »
QUOTE
Elisabeth Schwarzkopf?


What about her?
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline Gregg

  • TS Addict
  • *****
  • Posts: 11749
    • View Profile
    • http://
iSight Security Hole plugged
« Reply #7 on: December 22, 2006, 07:50:19 AM »
QUOTE(gunug @ Dec 21 2006, 08:56 PM) <{POST_SNAPBACK}>
What about her?


Good question. I think...
Ya gotta applaud those bunnies for sacrificing their hearing just so some guy in Cupertino can have better TV reception.

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 25521
  • 27" iMac (mid-17), Mac mini, both 10.14.6
    • View Profile
    • Mid-South Weather
iSight Security Hole plugged
« Reply #8 on: December 22, 2006, 02:17:49 PM »
Had me there for a second, gunug! smile.gif I thought I had posted in the wrong thread! Gregg, I think he meant to post in <this thread> to HighMac. dntknw.gif
I don’t like the fact that my chances of survival seem to be linked to the common sense of others. :Thinking:

Offline Gregg

  • TS Addict
  • *****
  • Posts: 11749
    • View Profile
    • http://
iSight Security Hole plugged
« Reply #9 on: December 23, 2006, 02:34:01 PM »
Must be that darn tabbed browser...
Ya gotta applaud those bunnies for sacrificing their hearing just so some guy in Cupertino can have better TV reception.