Graphics application programming interfaces (“API”) are used by programmers to create 2D and 3D graphics. The Open Graphics Library (“Open GL”) is a widely used API. The Open GL architecture allows programmers to produce consistent visual display results on any OpenGL API-compliant hardware regardless of the operating system. OpenGL for embedded systems (“OpenGL ES”) is a subset of the OpenGL API designed for embedded devices such as mobile phones, PDAs, and video game consoles.
Many malicious programs, for example spyware or viruses, may access a user's personal information, such as credit card numbers or passwords, and send this information to be used unlawfully by third parties. These malware programs typically begin their destructive behaviors after a user has taken some action, for example, selecting a link on a website or opening a malicious email.
However, in some situations, the user need not take any affirmative action in order to leave the user's computer open to security threats. For example, a programmer may also take advantage of a user's personal information by using OpenGL (or ES) to read information on the user's computer. In this case, the user may have several tabs open in a browser window. In a first tab, the user may access personal account information, for example, a bank account. In another tab, the user may be researching information about a particular topic. The user may select a web page which is generally innocuous, for example, a news site including one or more 3D graphics. The user's computer may download and display various types of information including text and 3D graphics. The graphics information is received by the user's computer and translated from the OpenGL language to an image by instructing the computer to take certain actions. For example, the programmer's instructions may require the computer to access memory outside of the confines of graphics data. In some examples, the programmer may even have access to the user's account information on another tab in the web browser. Once an outside party has access to the user's information, the user no longer has control over it. These types of security breaches may be accidental or purposeful on the part of the programmer, but may still be dangerous to users.