Slashdot Mirror


Apple Closes iSight Security Hole

Gruber Duckie writes "Apple's security update 2006-008, posted yesterday, is a little more interesting than it sounds. According to information (and a demo!) posted at Macslash, the "information leak" mentioned in Apple's advisory actually makes it possible for a web site to send whatever your (iSight) web cam sees up to the server. I'm glad they fixed this quickly."

9 of 213 comments

  1. Nonsense by CmdrGravy · · Score: 5, Funny

    The internet is full of ladies and they all surf practically naked, I know this because this is what they tell me in chatrooms and other socialising sites.

  2. Re:And images of by Rakshasa Taisab · · Score: 5, Funny

    Uhm, the article said Apple, not Windows.

    As is well known, we users of MacOSX are all tall with athletic bodies.

    --
    - These characters were randomly selected.
  3. Re:Security Hole? by TheRaven64 · · Score: 5, Interesting

    In his book, 1984, George Orwell proposed the idea of television screens that also acted as camera and allowed a remote viewer to monitor whatever was going on in front of them.

    In the year 1984, Apple Computers released an advert for the first Mac with the slogan 'Why 1984 won't be like 1984.'

    In the year 2005, Apple Computers released the new iMac, a device with a display screen and integrated camera which allowed a remote viewer to monitor whatever was going on in front of it.

    --
    I am TheRaven on Soylent News
  4. Re:And images of by operagost · · Score: 5, Funny

    Liar. There's Breakout, Super Breakout, and Photoshop!

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
  5. Am I the only one by LittleBunny · · Score: 5, Interesting

    Am I the only one who wishes that the laptops with the built-in iSight had a way to manually close the shutter, like the standalone iSight? I always keep mine closed when I'm not using it, but the lack of such a shutter on the laptops makes me profoundly uncomfortable at the thought of owning one. Maybe this sort of thing will serve as a wakeup call?

    1. Re:Am I the only one by geobeck · · Score: 5, Funny

      ...I have this nice little stuffed penguin, see...and when I place him atop my iMac...

      So you're using a Linux patch for your Mac vulnerability?

      --
      Find environmentally and socially responsible products on http://buy-right.net
  6. Shameful this hasn't shown up yet. by 0100010001010011 · · Score: 5, Funny

    In Soviet Russia, websites look at you!

  7. Tape War by bill_mcgonigle · · Score: 5, Funny

    In the year 2005, Apple Computers released the new iMac, a device with a display screen and integrated camera which allowed a remote viewer to monitor whatever was going on in front of it.

    Your Orwellian society is defeated by a piece of tape.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  8. Re:Why this is interesting by daveschroeder · · Score: 5, Informative

    I should also note that, for government/military customers, Apple does have a contractor that can physically disconnect the iSight and internal microphone as part of the procurement process, and meets GSA schedules and requirements for "no-camera" or "no-microphone" environments; additionally, infrared, Bluetooth, and AirPort can also be disabled. This does not void any warranties. That contractor is:

    Holmans
    6201 N. Jefferson Ave
    Albuquerque, NM 887109
    Tony Greiner
    505 343 3529
    tgreiner@holmans.com

    GSA schedule GS-35F-0341N
    DOE authorized (LLNL and LANL)
    DOE "L" clearance personnel

    For individual customers, any Apple Authorized Service Provider can disconnect any or all of the above components, and are happy to accommodate such requests. Such requests also do not void warranties.

    Again, these components can all be disabled by software means in managed environments where physical disconnection/removal of the device(s) is not a requirement.

    I should note that this trick could technically be done on any platform with a camera: run malicious software designed to send imagery from an attached camera somewhere. But in the case of Mac OS X on Apple hardware, it becomes interesting because Apple has already done all the work to drive the camera and display within QuickTime (via Quartz Composer, the integrated camera and drivers, and so on), and then QuickTime for Java can be used via a malicious Java application or applet (which still has to be run, of course) to send images remotely. After Security Update 2006-008, a Java applet (unless it is a signed applet that is specifically allowed by the user) can no longer make such calls to QuickTime for Java.