Apple issues patch for Mac hack

16 April 2010

Apple has issued a security patch for OS X for the second time in less than a month. This time the company looked to plug alleged security holes in the Safari browser that were uncovered by a researcher at this year’s CanSecWest conference.

Apple delivered patches for its Mac OS X 10.5.8 and 10.6.3 yesterday in response to the drive-by vulnerability unveiled by researcher Charlie Miller at last month’s CanSecWest conference. Miller demonstrated the ability to hack what was supposed to be a fully patched MacBook, using the device’s Safari browser, during the event’s Pwn2Own contest.

However, the Apple security update indicates that vulnerabilities in the Safari browser were not to blame for the hack. Instead, the problem lies in the way that Apple Type Services (ATS) processes fonts. The company did give credit to Miller for discovering the weakness.

According to the Apple update: “An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.” Apple said that this security update addresses the vulnerability “through improved index checking”.
 
