Apple Mac OS X Security Update Patches PDF Exploit

Apple released a Mac OS X security update today that patches a critical PDF vulnerability and a handful of other security issues.

Security Update 2010-005 supplies a fix that addresses a “heap buffer overflow” that exists in CoreGraphics and the way it handles PDF files. The vulnerability could have allowed the “unexpected application termination or arbitrary code execution” via a malformed PDF file.

It is interesting to note that this sounds just like the exploit hackers used to jailbreak iOS 4 on the iPhone. It is possible that it is the same flaw, since the two operating systems are said to share the same code base. However, Apple’s support document gives no indication that this is the case. Apple released the update for the iPhone exploit, iOS 4.0.2, a few weeks ago.

This update also addresses a “stack buffer overflow” that would allow arbitrary code execution through a malformed embedded font. The remaining fixes in the update resolve problems with network security.

Complete information about this update can be found at support.apple.com/kb/HT4312.

Security Update 2010-005 is available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4 via Software Update or direct download.

About the author

David W. Martin has more than 20 years of experience in the industry as a programmer, systems and business analyst, author, and consultant. David has written for CNET's iPhoneatlas.com, MacLife.com, CultofMac.com, BYTE.com and recently for aNewDomain.net. He comes to Cult of Mac's website with deep knowledge and passion for all things Apple. Follow David on Twitter @david_w_martin or see what he's up to now at davidwmartin.com.
