Apple releases Keynote 2.0.2, plugs security hole

Apple has released Keynote 2.0.2, a maintenance update to its PowerPoint-compatible presentation software (part of the iWork suite).

The new release eliminates a potential vulnerability where maliciously modified Keynote presentation could be constructed to retrieve files from the local system.

Apple's description reads "With a specially crafted Keynote presentation and the use of the 'keynote:' URI handler, it is possible that local files could be read and then sent to an arbitrary network location. This issue has been addressed in two ways: References to external resources have been limited, and the registration of the 'keynote:' URI handler has been removed. This issue does not affect Keynote versions prior to Keynote 2. Credit to David Remahl (www.remahl.se/david) for reporting this issue."

The new release is available through Software Update, or as a standalone Web download.

If you are having any problems with the new release, please let us know.

Resources