This document describes the security enhancements included with the Keynote 2.0.2 update, which can be downloaded and installed using Software Update, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
This article has been archived and is no longer updated by Apple.
CVE-ID: CAN-2005-1408
Available for: Keynote 2, Keynote 2.0.1
Impact: A maliciously modified Keynote presentation could be constructed to retrieve files from the local system.
Description: With a specially crafted Keynote presentation and the use of the "keynote:" URI handler, it is possible that local files could be read and then sent to an arbitrary network location. This issue has been addressed in two ways: References to external resources have been limited, and the registration of the "keynote:" URI handler has been removed. This issue does not affect Keynote versions prior to Keynote 2. Credit to David Remahl (www.remahl.se/david) for reporting this issue.