December 5, 2016

Critical vulnerability in Apple OS

Core Security released a report about a vulnerability in Apple Mac OS X v10.5.x. With reference to this report, the Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure.

This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font (Compact Font Format). This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).

Apple has confirmed the issue and it is working on it with reference to Core Security.  Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible.

Source:[coresecurity.com]

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks