Tuesday, August 24, 2010, 04:50 pm PT (07:50 pm ET)
Apple releases Mac OS X security update to patch PDF exploitApple released a Mac OS X security update Tuesday that fixes a critical PDF vulnerability.
The update, labeled Security Update 2010-005, addresses a "heap buffer overflow" in the way CoreGraphics handles PDF files. The vulnerability could allow "unexpected application termination or arbitrary code execution" through a malicious PDF file.
It is unclear whether this fix is related to the PDF exploit on iOS 4 that allowed hackers to jailbreak the iPhone. Apple released an update on August 11 that addressed the iOS PDF exploit.
Security Update 2010-005 also patches a "stack buffer overflow" that would allow arbitrary code execution through a malicious embedded font. Both the PDF and the font vulnerabilities are fixed through "improved bounds checking."
Also included in the update are several routine fixes to network security flaws.
The update affects Mac OS X Server 10.5, Mac OS X 10.5.8 , Mac OS X Server 10.6 , and Mac OS X 10.6.4.
On Topic: Mac OS X
- Apple updates pro-level video suite with fixes for Final Cut Pro X, Compressor and Motion
- Mailbox for Mac hits public beta, adds synced drafts and 'snooze to desktop' feature
- Rumor: Undisclosed security breach cause of Apple's new Gatekeeper app signing policy
- Apple releases OS X Yosemite Developer Preview 6, Xcode 6 beta 6
- Apple releases Safari 6.1.6 and Safari 7.0.6 with security improvements