[22879] in bugtraq
Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability
daemon@ATHENA.MIT.EDU (TAKAGI, Hiromitsu)
Wed Oct 17 12:36:37 2001
Date: Wed, 17 Oct 2001 10:45:18 +0900
From: "TAKAGI, Hiromitsu" <takagi.hiromitsu@aist.go.jp>
To: bugtraq@securityfocus.com
Message-Id: <20011017104135.EBF2.TAKAGI.HIROMITSU@aist.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Java runtime (J2SE) for Mac OS X v10.0.x has a security hole.
It seems to have been fixed in Mac OS X v10.1.
http://www.apple.com/support/security/security_updates.html
> Security updates are listed below according to the software release in
> which they first appeared:
> Mac OS X v10.1
> o system clipboard / J2SE - Fixes a security issue that permitted
> unauthorized applets access to the system clipboard.
However, the patch for Mac OS X 10.0 has not been released.
Workaround:
Buy Mac OS X v10.1 or do not use Java applets on Mac OS X v10.0
A brief history of this issue:
On 9 Feb 2001 Cameron McNeil wrote:
> To: java-dev@lists.apple.com
> I've recently been playing around with applets and MRJ2.2.4 and I've noticed
> that unsigned applets have access to the system clipboard. I remember
> reading somewhere that the system clipboard was considered outside of the
> sandbox, I know that in windows if you attempt to access the clipboard it
> will throw a security exception. Is this a bug in the MRJ security model or
> was the ability to access the clipboard left in intentionally?
On 9 Feb 2001 Eric Albert <ealbert@apple.com> wrote:
> To: java-dev@lists.apple.com
> That may well be a bug...I ran into that a month or two ago and was
> wondering why MRJ allowed it. Please file a bug report.
On 5 Jun 2001 TAKAGI, Hiromitsu <takagi@etl.go.jp> wrote:
> To: java-dev@lists.apple.com
> On 1 Jun 2001 Mickey Segal wrote:
> > Are there release notes telling us what is fixed in MRJ 2.2.5?
> > The description at http://www.apple.com/java/ reflects only MRJ 2.2.4.
>
> This release seems to contain a security fix. The clipboard tapping
> vulnerability which was discovered here on Feb 9(*) has been fixed.
> However, Apple hasn't notified customers of this fix yet in the release
> note nor the security bulletin.
> http://asu.info.apple.com/swupdates.nsf/artnum/n11927
> http://www.apple.com/support/security/security_updates.html
On 6 Jun 2001 TAKAGI, Hiromitsu <takagi@etl.go.jp> wrote:
> To: java-dev@lists.apple.com
> Cc: product-security@apple.com, java-security@sun.com
>
> > This release seems to contain a security fix. The clipboard tapping
> > vulnerability which was discovered here on Feb 9(*) has been fixed.
>
> I prepared a test applet for this vulnerability.
> http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/Test.html
> ...and found that J2SE v1.3 for Mac OS X is also vulnerable.
> Why hasn't it been fixed?
--
Hiromitsu Takagi, Ph.D.
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
http://staff.aist.go.jp/takagi.hiromitsu/
