Apple Keynote URI Handler Arbitrary File Disclosure Vulnerability

A vulnerability was identified in Apple Keynote, which may be exploited exploited by attackers to disclose sensitive information. This flaw occurs when handling a specially crafted Keynote presentation called via the “keynote:” URI handler, which may be exploited by a remote attacker to read and retrieve arbitrary files from a vulnerable system.


Affected Products:
Keynote version 2.0.1
Keynote version 2.0


Note : This issue does not affect Keynote versions prior to Keynote 2


Solution: Upgrade to Keynote version 2.0.2 : http://www.apple.com/iwork/keynote/download/


http://www.frsirt.com/english/advisories/2005/0624

Leave a Reply