15 April 2010, 11:56
Apple patch closes Pwn2Own hole in Mac OS X
Apple has released Security Update 2010-003 for Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6.3 and Mac OS X Server 10.6.3, closing a hole revealed at the hacker competition Pwn2Own.
At Pwn2Own, hacker Charlie Miller exploited the loophole through Safari to penetrate a Mac system and win the award in that category. The hole, previously assumed to be a Safari issue, is in fact a bug in the operating systems Apple Type Service (ATS). Apple say that by using specially prepared embedded fonts in documents, it's possible to inject code into a system and execute it.
The update is available on Mac OS X's built in Software Update application and is available to download from the Apple Downloads web page.
See also:
- About the content of Security Update 2010-003
- Pwn2Own 2010: iPhone hacked - as well as IE 8, Firefox and Safari
- Mac OS X: "safer, but less secure"
- Pwn2Own 2010: $100,000 for browser & mobile phone exploits
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-978393
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
