Apple releases Keynote 2.0.2, plugs security hole
Apple releases Keynote 2.0.2, plugs security hole
Apple has released Keynote 2.0.2, a maintenance update to its PowerPoint-compatible presentation software (part of the iWork suite).
The new release eliminates a potential vulnerability where maliciously modified Keynote presentation could be constructed to retrieve files from the local system.
Apple's description reads "With a specially crafted Keynote presentation and the use of the 'keynote:' URI handler, it is possible that local files could be read and then sent to an arbitrary network location. This issue has been addressed in two ways: References to external resources have been limited, and the registration of the 'keynote:' URI handler has been removed. This issue does not affect Keynote versions prior to Keynote 2. Credit to David Remahl (www.remahl.se/david) for reporting this issue."
The new release is available through Software Update, or as a standalone Web download.
If you are having any problems with the new release, please let us know.
Resources