diTii.com Digital News Hub


Nov 10, 2010

Mac OS X 10.5 Security Flaw Publicized After Apple Fails to Patch, Recommended Upgrade to Mac OS X 10.6.5

Core Security has released information about a serious security vulnerability in Apple’s Mac OS X 10.5 that could allow hackers to take complete control of a vulnerable machine via malicious PDF files.

“In an advisory, Core Security said Apple claims it already has a patch prepared for this issue but failed to release the fix despite several promises. Apple didn’t give any reasons for skipping the patch release,” said Core.

Here’s the problem:

Apple Type Services is prone to memory corruption due to a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure.

This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing a user of Mac OS X v10.5.x to view or download a PDF document containing an embedded malicious CFF (Compact Font Format) font.

This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).

Core encourages Apple users to upgrade to Mac OS X 10.6, which isn’t affected by this vulnerability.
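An added illustration of the bug class described above (not code from Core's advisory or from Apple Type Services): a C validator for a CFF INDEX header, following the INDEX layout in Adobe's CFF specification, that shows how a signed comparison of the last offset accepts a huge value that an unsigned comparison rejects. The function names and the sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed samples: count=1, offSize=4, offsets {1, last}, 3 data bytes. */
static const uint8_t good_index[] = {0,1, 4, 0,0,0,1, 0,0,0,4, 'a','b','c'};
static const uint8_t bad_index[]  = {0,1, 4, 0,0,0,1, 0xFF,0xFF,0xFF,0xF0, 'a','b','c'};

/* Read an off_size-byte big-endian offset (off_size is 1..4 in CFF). */
static uint32_t read_off(const uint8_t *p, unsigned off_size) {
    uint32_t v = 0;
    for (unsigned i = 0; i < off_size; i++) v = (v << 8) | p[i];
    return v;
}

/* Flawed pattern (illustrative): the last offset is held in a signed int, so
 * 0xFFFFFFF0 turns negative and slips under the upper-bound check. */
static int last_offset_ok_signed(uint32_t raw_last, size_t data_avail) {
    int32_t last = (int32_t)raw_last;
    return (int64_t)last - 1 <= (int64_t)data_avail;
}

/* Hardened check: validate a CFF INDEX at buf[0..len). Returns 0 and sets
 * *data_len on success, -1 on any malformed field. */
static int cff_index_validate(const uint8_t *buf, size_t len, size_t *data_len) {
    if (len < 2) return -1;
    uint32_t count = ((uint32_t)buf[0] << 8) | buf[1];
    if (count == 0) { *data_len = 0; return 0; }    /* empty INDEX: count only */
    if (len < 3) return -1;
    unsigned off_size = buf[2];
    if (off_size < 1 || off_size > 4) return -1;
    size_t table = ((size_t)count + 1) * off_size;  /* at most 65536 * 4 bytes */
    if (len - 3 < table) return -1;                 /* offset array truncated */
    size_t data_avail = len - 3 - table;
    uint32_t prev = read_off(buf + 3, off_size);
    if (prev != 1) return -1;                       /* first offset is always 1 */
    for (uint32_t i = 1; i <= count; i++) {
        uint32_t cur = read_off(buf + 3 + (size_t)i * off_size, off_size);
        if (cur < prev) return -1;                  /* offsets must not decrease */
        prev = cur;
    }
    if ((size_t)prev - 1 > data_avail) return -1;   /* last offset, unsigned */
    *data_len = (size_t)prev - 1;
    return 0;
}

int main(void) {
    size_t n = 0;
    printf("good=%d ", cff_index_validate(good_index, sizeof good_index, &n));
    printf("bad=%d\n", cff_index_validate(bad_index, sizeof bad_index, &n));
}
```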
