Explaining the Quartz Composer / QuickTime for Java Security Hole

Chris Adamson has written an outstanding explanation, complete with demo code, of the Quartz Composer / QuickTime for Java security hole addressed by Apple’s Security Update 2006-008.

In a nutshell: the trick that lets a self-contained QuickTime movie display live footage from your iSight is, and always was, safe on its own, because the footage never goes over the wire back to the server. What opened the hole was combining that same trick with the QuickTime for Java APIs, which allowed the footage to be sent back to the server; that combination is now closed off.

★ Friday, 22 December 2006

