Posted on 04/15/2010 8:04:06 AM PDT by Swordmaker
About the content of Security Update 2010-003
Last Modified: April 14, 2010
Article: HT4131
Products Affected
Product Security, Mac OS X Server 10.5, Mac OS X 10.5, Mac OS X 10.6, Mac OS X Server 10.6
Security Update 2010-003
ATS
CVE-ID: CVE-2010-1120
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue.
As last year's winner, and defending champion, Miller received the first time slot to make his hacking attempt and again chose to attack OS X. Two minutes into his assault with an attack that took three weeks to find and prepare with the assistance of his two ex-NSA computer-security employees, OS X fell to this now closed, previously un-revealed vulnerability, securing this year's win, $10,000, and a MacBook Pro for Miller.
Windows 7 and Linux also fell under the first assaults aimed at their defenses by the expert hackers at CanSec West. All attacks were pre-prepared this year, unlike previous years' contests, where Miller was the only one who came with a pre-researched, prepared exploit.
Apple has released the patch to close the security vulnerability disclosed and exploited by Charlie Miller when he won this year's CanSec West computer security Blackhat hacking contest earlier this month by hacking into a MacBook Pro and winning the laptop and $10,000!
If you want on or off the Mac Ping List, Freepmail me.
In before the “I thought Macs were hacker proof” posts.
Done. Thanks...
Thanks - seems to have been a lot of Apple patches lately - on the OS and apps.
Got it. Thanks
Nope, just three batches of security updates this year for THREE versions of the Operating System. That's not too bad.
And Apple includes all updates for UNIX and Apps...
Thanks for the ping, Swordmaker. I wouldn’t have known till Saturday, when my Mac does its weekly software update check.
You keep me ahead of the curve!