Apple releases Security Update 2010-003 for OS X Leopard and Snow Leopard

Apple Inc. ^ | 04/14/2010

[Swordmaker]

About the content of Security Update 2010-003
Last Modified: April 14, 2010
Article: HT4131

Products Affected
Product Security, Mac OS X Server 10.5, Mac OS X 10.5, Mac OS X 10.6, Mac OS X Server 10.6

Security Update 2010-003

ATS

CVE-ID: CVE-2010-1120
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3

Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue.

[Swordmaker]

This security update closes the vulnerability revealed and demonstrated by Charlie Miller when he won the latest CanSec West Tipping Point Security Challenge contest in which OS X, Windows 7, and Linux all fell to hackers in short order.

As last year's winner,and defending champion, Miller received the first time slot to make his hacking attempt and again chose to attack OS X. Two minutes into his assault with an attack that took three weeks to find and prepare with the assistence of his two ex-NSA computer-security employees, OS X fell to this now closed, previously un-revealed vulnerability, securing this year's win, $10,000, and a MacBook Pro for Miller.

Windows 7 and Linux also fell under the first assaults aimed at their defenses by the expert hackers at CanSec West. All attacks were pre-prepared this year, unlike previous years' contests, where Miller was the only one who came with a pre-researched, prepared exploit.

[Swordmaker]

It's time for all security conscious Mac owners with Leopard and Snow Leopard to click on the black Apple menu item and select "Software update..." PING!

Apple has release the patch to close the security vulnerability disclosed and exploited by Charlie Miller when he won this year's CanSec West computer security Blackhat hacking contest earlier this month by hacking into a MacBook Pro and winning the laptop and $10,000!

Mac Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Mr. Blonde]

In before the “I thought Macs were hacker proof” posts.

[tubebender]

Done. Thanks...

[Salo]

Thanks - seems to have been a lot of Apple patches lately - on the OS and apps.

[vox_freedom]

Thanks Swordmaker, for the
!

[Leonard210]

I was just thinkin' the same.

Some times you have to hunt them down.



11 trolls. Click for the answer.

[Vinnie]

Got it. Thanks

[Swordmaker]

Thanks - seems to have been a lot of Apple patches lately - on the OS and apps.

Nope, just three batches of security updates this year for THREE versions of the Operating System. That's not too bad.

And Apple includes all updates for UNIX and Apps...

[jacquej]

Thanks for the ping, Swordmaker. I wouldn’t hve known till Saturday, when my Mac does it’s weekly software update check.

You keep me ahead of the curve!