Apple issues patch for Mac hack

Apple delivered patches for its Mac OS X 10.5.8 and 10.6.3 yesterday in response to the drive-by vulnerability unveiled by researcher Charlie Miller at last month’s CanSecWest conference. Miller demonstrated the ability to hack what was supposed to be a fully patched MacBook, using the device’s Safari browser, during the event’s Pwn2Own contest.

However, the Apple security update indicates that vulnerabilities in the Safari browser were not to blame for the hack, although the company did credit Miller with discovering the weakness. Instead, the problem lies in the way that Apple Type Services (ATS) processes fonts.

According to the Apple update: “An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.” Apple said that this security update addresses the vulnerability “through improved index checking”.
 
