RE: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability

From: Thor Larholm (Thorat_private)
Date: Thu Oct 18 2001 - 03:57:00 PDT

    Reading and writing to the system clipboard may be outside the sandbox of
    Java Applets, but is a well-documented, and widely used, feature in the
    Object Model of Internet Explorer, when using JScript. From the
    documentation, this should work on Macintosh as well.
    
    If you look at the clipboardData object (
    http://msdn.microsoft.com/workshop/author/dhtml/reference/objects/clipboardData.asp
    ), you will notice the clearData, getData and setData methods that it
    contains.
    
    A quick test: Go to your Address bar and write
    
    Javascript:alert(clipboardData.getData("Text"))
    Javascript:void(clipboardData.setData("Text","your content"))
    Javascript:alert(clipboardData.getData("Text"))
    
    What is considered a security hole in one place may be a feature in another
    - Java Applets in IE have access to JScript, and hence IE's Object Model and
    the clipboardData object.
    
    
    Regards
    Thor Larholm
    Jubii A/S - Internet Programmer
    
    
    > -----Original Message-----
    > From: TAKAGI, Hiromitsu [mailto:takagi.hiromitsuat_private]
    > Sent: 17. oktober 2001 03:45
    > To: bugtraqat_private
    > Subject: Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability
    > 
    > 
    > Java runtime (J2SE) for Mac OS X v10.0.x has a security hole. 
    > It seems to have been fixed in Mac OS X v10.1.
    > http://www.apple.com/support/security/security_updates.html
    > > Security updates are listed below according to the software release in
    > > which they first appeared:
    > > Mac OS X v10.1
    > > o system clipboard / J2SE - Fixes a security issue that permitted
    > >   unauthorized applets access to the system clipboard.
    > 
    > However, the patch for Mac OS X 10.0 has not been released.
    > 
    > Workaround:
    > Buy Mac OS X v10.1 or do not use Java applets on Mac OS X v10.0
    > 
    > A brief history of this issue:
    > 
    > On 9 Feb 2001 Cameron McNeil wrote:
    > > To: java-devat_private
    > > I've recently been playing around with applets and MRJ2.2.4 and I've noticed
    > > that unsigned applets have access to the system clipboard. I remember
    > > reading somewhere that the system clipboard was considered outside of the
    > > sandbox, I know that in windows if you attempt to access the clipboard it
    > > will throw a security exception. Is this a bug in the MRJ security model or
    > > was the ability to access the clipboard left in intentionally?
    > 
    > On 9 Feb 2001 Eric Albert <ealbertat_private> wrote:
    > > To: java-devat_private
    > > That may well be a bug...I ran into that a month or two ago and was 
    > > wondering why MRJ allowed it.  Please file a bug report.
    > 
    > On 5 Jun 2001 TAKAGI, Hiromitsu <takagiat_private> wrote:
    > > To: java-devat_private
    > > On 1 Jun 2001 Mickey Segal wrote:
    > > >     Are there release notes telling us what is fixed in MRJ 2.2.5?
    > > > The description at http://www.apple.com/java/ reflects only MRJ 2.2.4.
    > > 
    > > This release seems to contain a security fix.  The clipboard tapping
    > > vulnerability which was discovered here on Feb 9(*) has been fixed.
    > > However, Apple hasn't notified customers of this fix yet in the release
    > > note nor the security bulletin.
    > > http://asu.info.apple.com/swupdates.nsf/artnum/n11927
    > > http://www.apple.com/support/security/security_updates.html
    > 
    > On 6 Jun 2001 TAKAGI, Hiromitsu <takagiat_private> wrote:
    > > To: java-devat_private
    > > Cc: product-securityat_private, java-securityat_private
    > > 
    > > > This release seems to contain a security fix.  The clipboard tapping
    > > > vulnerability which was discovered here on Feb 9(*) has been fixed.
    > >
    > > I prepared a test applet for this vulnerability.
    > > http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/Test.html
    > ...and found that J2SE v1.3 for Mac OS X is also vulnerable.
    > Why hasn't it been fixed?
    
    
    --
    Hiromitsu Takagi, Ph.D.
    National Institute of Advanced Industrial Science and Technology,
    Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
    http://staff.aist.go.jp/takagi.hiromitsu/
    


