Slashdot Mirror


Apple Closes iSight Security Hole

Gruber Duckie writes "Apple's Security Update 2006-008, posted yesterday, is a little more interesting than it sounds. According to information (and a demo!) posted at Macslash, the "information leak" mentioned in Apple's advisory actually makes it possible for a web site to send whatever your (iSight) web cam sees up to the server. I'm glad they fixed this quickly."

1 of 213 comments

  1. Re:Why this is interesting by IamTheRealMike · · Score: 0, Flamebait
    In sum, the reason why this is interesting is because of the ubiquitousness of the Apple iSight on Apple laptops and the fact that it's ready for use. But, someone still has to visit a malicious site and run a malicious Java applet - user interaction: the hallmark of Mac OS X vulnerabilities!

    Look, I know you like Macs, like Apple etc. It's a running theme whenever I see your posts. However, it's perfectly feasible to (say) buy a Flash advert slot on a widely used network then have the Flash movie inject an invisible Java applet into the page using its DOM integration (if you even want to get that fancy). Java applets are designed to be loaded and run automatically, that's why they have this secure sandbox model that Apple went and violated in the classic fashion of integrating all its OS components with the web browser. If a Java applet can record what your camera sees that is a HUGE deal. It cannot simply be blown off like that!