This discussion is archived
1113 Views 11 Replies Latest reply: Dec 26, 2006 9:11 AM by Steve Wainstead
Currently Being ModeratedDec 20, 2006 3:37 AM (in response to Links)Chris Adamson has recently responded to a similar post I made at MacRumors forum:
Hi. I'm Chris Adamson, the author of the blog you're quoting, and I want to clarify that the blog does not constitute a test of the exploit. It will continue to work even after you've applied the security patch.
The page does one thing: it shows that a Quartz Composer composition can turn on your camera. This is not a security issue in and of itself, because the image from the camera is only used locally (ie, shown in the web page). This example uses the QuickTime plug-in to put the Quartz Composer composition, saved as a QuickTime "movie", in a web page.
The actual exploit uses a second technology, QuickTime for Java, to load the Quartz Composer movie into a Java applet. Once it does this, the applet can then get the image from the camera and then upload it to a server.
Apple's security fix only disallows this combination. It prohibits "unsigned" applets (those that don't assert the identity of their authors and ask for insecure access to the system) from loading Quartz Composer compositions. Therefore, the applet cannot load the movie that turns on your camera. Note that signed applets, and full-blown double-clickable QTJ applications, are assumed to have full access to your system and thus can still load QC compositions.
So now you know. And knowing is half the battle.G5 1.8 DP (PCI-X), Mac OS X (10.4.8), ATI X800 XT, 4GB RAM, 20" & 23" ACDs, M-Audio Revolution 5.1, Fostex D15 DAT
Currently Being ModeratedDec 20, 2006 4:57 AM (in response to recd)
Applied this update and rebooted, will not boot.
Cannot locate OSX startup disk. Have an OS9 folder
with a question mark
My computer is stuck rebooting for a long long time ...ibook G4, Mac OS X (10.4.8)
Currently Being ModeratedDec 20, 2006 8:13 AM (in response to Mike ps73)I just made sure my iMac was running properly, repaired permissions, quit all applications, downloaded the update, installed, repaired permisions again.
No problems.20" 2.1GHz iSight iMac G5, 250GB HD, 1.5GB RAM, Mac OS X (10.4.8), iLife 6.0.3, Toast 7.1.2, iTunes 7.0.1, QTPro 7.1.3
Currently Being ModeratedDec 20, 2006 3:24 PM (in response to Mike ps73)
Applecare had me reset the PMU...and now everythings
What is PMU and how do you reset it ??
I'm freaking out here because I just downloaded the last two Security Updates and the Java QT update also . When I clicked on restart after the download I've got gray-screen with spinning thing for the last hour .Powerbook, Mac OS X (10.4.6), eMac
Currently Being ModeratedDec 20, 2006 6:01 PM (in response to Links)All OK here w 06-007 and 008 after a Dantz Retro' Expr' duplicate for a bootable BU. (Which I checked to be sure it worked.) Thanks to Kappy for encouraging me to go that way.11/06 Imac 17 Intel C2D 1 GB 667 MHz SDRam OWC Merc FWHD Dantz Retro Expr, Mac OS X (10.4.8), Do not start vast problems with a half vast mind.
Currently Being ModeratedDec 20, 2006 7:04 PM (in response to Bobsax)Shut down and did a safe boot . so far so good .> > Applecare had me reset the PMU...and now
What is PMU and how do you reset it ??
I'm freaking out here because I just downloaded the
last two Security Updates and the Java QT update also
. When I clicked on restart after the download I've
got gray-screen with spinning thing for the last hour
.Powerbook, Mac OS X (10.4.6), Panther eMac
Currently Being ModeratedDec 26, 2006 9:11 AM (in response to Bobsax)Apple's instructions on resettingt the Power Management Unit (PMU) are here:
Unfortunately it didn't solve the problem for me (in my case, I installed the last two security updates on my mom's Powerbook; now it stops at the blue screen before the login window). Still looking for a fix.
~swainPowerBook G4, Mac OS X (10.4.2)