BID:21672

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Info

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Bugtraq ID:	21672
Class:	Design Error
CVE:	CVE-2006-5681
Remote:	Yes
Local:	No
Published:	Dec 19 2006 12:00AM
Updated:	Dec 19 2006 11:17PM
Credit:	Geoff Beier is credited with discovering this issue.
Vulnerable:	Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8

Not Vulnerable:

Discussion

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Apple Mac OS X is prone to an information-disclosure vulnerability.

Attackers may exploit this issue by convincing victims into visiting a malicious website.

Exploiting this issue may allow remote attackers to capture images rendered locally on screen that may contain sensitive information.

Exploit / POC

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Solution / Fix

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.

Apple Mac OS X Server 10.4.8

Apple SecUpd2006-008Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12412&cat= 1&platform=osx&method=sa/SecUpd2006-008Ti.dmg

Apple SecUpd2006-008Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12413&cat= 1&platform=osx&method=sa/SecUpd2006-008Univ.dmg

Apple Mac OS X 10.4.8

Apple SecUpd2006-008Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12412&cat= 1&platform=osx&method=sa/SecUpd2006-008Ti.dmg

Apple SecUpd2006-008Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12413&cat= 1&platform=osx&method=sa/SecUpd2006-008Univ.dmg

References

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability

References: