diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Nov102010

Mac OS X 10.5 Security Flaw Publicized After Apple Fails to Patch, Recommended Upgrade to Mac OS X 10.6.5

Core Security has relased information about a serious security vulnerability in Apple’s Mac OS X 10.5, that could allow hackers to take complete control of a vulnerable machine via malicious PDF files.

“In an advisory, Core Security said Apple claims it already has a patch prepared for this issue but failed to release the fix despite several promises. Apple didn’t give any reasons for skipping the patch release,” said Core.

Here’s the problem:

Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of CharStrings INDEX structure.

This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font (Compact Font Format.

This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).

Core encourages Apple users to upgrade to Apple Mac OSX 10.6, which isn’t affected by this vulnerability.

[Source, Via]

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...