Apple released a Mac OS X security update today that patches a critical PDF vulnerability and a handful of other security issues.
Security Update 2010-005 fixes a “heap buffer overflow” in the way CoreGraphics handles PDF files. The vulnerability could have allowed “unexpected application termination or arbitrary code execution” via a malformed PDF file.
It is interesting to note that this sounds just like the exploit hackers used to jailbreak iOS 4 on the iPhone. It is possible that it is the same flaw, since the two operating systems are said to share the same code base. However, nothing in Apple’s support document indicates that this is the case. Apple released the update for the iPhone exploit, iOS 4.0.2, a few weeks ago.
This update also addresses a “stack buffer overflow” that would allow arbitrary code execution through a malformed embedded font. The remaining fixes in the update resolve problems with network security.
Complete information about this update can be found at support.apple.com/kb/HT4312.
Security Update 2010-005 is available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4 via Software Update or direct download.