Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability

From: TAKAGI, Hiromitsu (takagi.hiromitsuat_private)
Date: Tue Oct 16 2001 - 18:45:18 PDT

Next message: rotaiv: "Mac OS X setuid root security hole"

Previous message: Linux Mandrake Security Team: "MDKSA-2001:081 - openssh update"
Next in thread: Thor Larholm: "RE: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Reply: Thor Larholm: "RE: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Java runtime (J2SE) for Mac OS X v10.0.x has a security hole. 
It seems to have been fixed in Mac OS X v10.1.
http://www.apple.com/support/security/security_updates.html
> Security updates are listed below according to the software release in
> which they first appeared:
> Mac OS X v10.1
> o system clipboard / J2SE - Fixes a security issue that permitted
>   unauthorized applets access to the system clipboard.

However, the patch for Mac OS X 10.0 has not been released.

Workaround:
Buy Mac OS X v10.1 or do not use Java applets on Mac OS X v10.0

A brief history of this issue:

On 9 Feb 2001 Cameron McNeil wrote:
> To: java-devat_private
> I've recently been playing around with applets and MRJ2.2.4 and I've noticed
> that unsigned applets have access to the system clipboard. I remember
> reading somewhere that the system clipboard was considered outside of the
> sandbox, I know that in windows if you attempt to access the clipboard it
> will throw a security exception. Is this a bug in the MRJ security model or
> was the ability to access the clipboard left in intentionally?

On 9 Feb 2001 Eric Albert <ealbertat_private> wrote:
> To: java-devat_private
> That may well be a bug...I ran into that a month or two ago and was 
> wondering why MRJ allowed it.  Please file a bug report.

On 5 Jun 2001 TAKAGI, Hiromitsu <takagiat_private> wrote:
> To: java-devat_private
> On 1 Jun 2001 Mickey Segal wrote:
> >     Are there release notes telling us what is fixed in MRJ 2.2.5? 
> > The description at http://www.apple.com/java/ reflects only MRJ 2.2.4. 
> 
> This release seems to contain a security fix.  The clipboard tapping
> vulnerability which was discovered here on Feb 9(*) has been fixed.
> However, Apple hasn't notified customers of this fix yet in the release
> note nor the security bulletin.
> http://asu.info.apple.com/swupdates.nsf/artnum/n11927
> http://www.apple.com/support/security/security_updates.html

On 6 Jun 2001 TAKAGI, Hiromitsu <takagiat_private> wrote:
> To: java-devat_private
> Cc: product-securityat_private, java-securityat_private
> 
> > This release seems to contain a security fix.  The clipboard tapping
> > vulnerability which was discovered here on Feb 9(*) has been fixed.
>
> I prepared a test applet for this vulnerability.
> http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/Test.html
> ...and found that J2SE v1.3 for Mac OS X is also vulnerable.
> Why hasn't it been fixed?


--
Hiromitsu Takagi, Ph.D.
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
http://staff.aist.go.jp/takagi.hiromitsu/

Next message: rotaiv: "Mac OS X setuid root security hole"
Previous message: Linux Mandrake Security Team: "MDKSA-2001:081 - openssh update"
Next in thread: Thor Larholm: "RE: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Reply: Thor Larholm: "RE: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 09:40:21 PDT