11 Replies Latest reply: Dec 26, 2006 9:11 AM by Steve Wainstead
Links Level 4 Level 4 (1,780 points)
First a quote from MacRumors:

"Apple has released Security Update 2006-008 for Mac OS X 10.4.8 (client and server). The 1.8 MB update addresses a vulnerability in Quicktime for Java and Quartz Composer.

It appears as though the update fixes a vulnerability where a specially-crafted Java applet could obtain images rendered on screen by embedded QuickTime objects and upload them to the originating website. Because QuickTime can be used in conjunction with Quartz Composer, this could theoretically allow a hacker to craft a applet that could obtain an attached (or built-in) iSight camera's images. While external iSight cameras have the ability to physically close an iris and turn the camera off, built-in iSight cameras (such as on the MacBook, MacBook Pro, and iMac) can not be physically turned off."


There is an O'Reilly Network page for testing the exploit.

<http://www.oreillynet.com/lpt/wlg/7409>

Before I applied the update I went there only to be greeted with the page displaying
the live output of my BlackMagic capture card!!!
Next I disabled the drivers for this card and rebooted.
This time the page showed the output of my camcorder which I use for iChat.
At this point I should point out that iChat was NOT running.

I applied the update and rebooted.
This did not fix the problem at all.
A friend with an external iSight tried the same things and after the patch his iSight was still
being broadcast on the page.

This is absurd!

G5 1.8 DP (PCI-X), Mac OS X (10.4.8), ATI X800 XT, 4GB RAM, 20" & 23" ACDs, M-Audio Revolution 5.1, Fostex D15 DAT
  • recd Level 1 Level 1 (5 points)
    Applied this update and rebooted, will not boot. Cannot locate OSX startup disk. Have an OS9 folder with a question mark
  • Links Level 4 Level 4 (1,780 points)
    Chris Adamson has recently responded to a similar post I made at MacRumors forum:

    Hi. I'm Chris Adamson, the author of the blog you're quoting, and I want to clarify that the blog does not constitute a test of the exploit. It will continue to work even after you've applied the security patch.

    The page does one thing: it shows that a Quartz Composer composition can turn on your camera. This is not a security issue in and of itself, because the image from the camera is only used locally (ie, shown in the web page). This example uses the QuickTime plug-in to put the Quartz Composer composition, saved as a QuickTime "movie", in a web page.

    The actual exploit uses a second technology, QuickTime for Java, to load the Quartz Composer movie into a Java applet. Once it does this, the applet can then get the image from the camera and then upload it to a server.

    Apple's security fix only disallows this combination. It prohibits "unsigned" applets (those that don't assert the identity of their authors and ask for insecure access to the system) from loading Quartz Composer compositions. Therefore, the applet cannot load the movie that turns on your camera. Note that signed applets, and full-blown double-clickable QTJ applications, are assumed to have full access to your system and thus can still load QC compositions.

    So now you know. And knowing is half the battle.
  • tomico Level 1 Level 1 (0 points)
    Applied this update and rebooted, will not boot.
    Cannot locate OSX startup disk. Have an OS9 folder
    with a question mark


    My computer is stuck rebooting for a long long time ...
  • Mike ps73 Level 1 Level 1 (0 points)
    I applied the security update...and now my iMac will not start. This isn't good. Now what??
  • Mike ps73 Level 1 Level 1 (0 points)
    Applecare had me reset the PMU...and now everythings good again.

    Mike.
  • Klaus1 Level 8 Level 8 (45,520 points)
    I just made sure my iMac was running properly, repaired permissions, quit all applications, downloaded the update, installed, repaired permisions again.

    No problems.
  • Bobsax Level 1 Level 1 (55 points)
    Applecare had me reset the PMU...and now everythings
    good again.

    Mike.


    What is PMU and how do you reset it ??
    I'm freaking out here because I just downloaded the last two Security Updates and the Java QT update also . When I clicked on restart after the download I've got gray-screen with spinning thing for the last hour .
  • Jpfresno Level 4 Level 4 (3,020 points)
    All OK here w 06-007 and 008 after a Dantz Retro' Expr' duplicate for a bootable BU. (Which I checked to be sure it worked.) Thanks to Kappy for encouraging me to go that way.
  • Guylaine D'Amours Level 2 Level 2 (185 points)
    Ditto
  • Bobsax Level 1 Level 1 (55 points)
    Shut down and did a safe boot . so far so good .> > Applecare had me reset the PMU...and now
    everythings
    good again.

    Mike.


    What is PMU and how do you reset it ??
    I'm freaking out here because I just downloaded the
    last two Security Updates and the Java QT update also
    . When I clicked on restart after the download I've
    got gray-screen with spinning thing for the last hour
    .
  • Steve Wainstead Level 1 Level 1 (5 points)
    Apple's instructions on resettingt the Power Management Unit (PMU) are here:

    http://docs.info.apple.com/article.html?artnum=14449

    Unfortunately it didn't solve the problem for me (in my case, I installed the last two security updates on my mom's Powerbook; now it stops at the blue screen before the login window). Still looking for a fix.

    ~swain