In association with heise online

15 April 2010, 11:56

Apple patch closes Pwn2Own hole in Mac OS X

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released Security Update 2010-003 for Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6.3 and Mac OS X Server 10.6.3, closing a hole revealed at the hacker competition Pwn2Own.

At Pwn2Own, hacker Charlie Miller exploited the loophole through Safari to penetrate a Mac system and win the award in that category. The hole, previously assumed to be a Safari issue, is in fact a bug in the operating systems Apple Type Service (ATS). Apple say that by using specially prepared embedded fonts in documents, it's possible to inject code into a system and execute it.

The update is available on Mac OS X's built in Software Update application and is available to download from the Apple Downloads web page.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit