Apple Mac OS X ATS Font Processing Invalid Index Vulnerability
RISK: Medium Risk
A vulnerability has been identified in Apple Mac OS X, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an invalid index within the Apple Type Services (ATS) when processing embedded fonts via the "TType1ParsingContext::SpecialEncoding()" function in "libFontParser.dylib", which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted document (e.g. PDF).
Impact
- Remote Code Execution
System / Technologies affected
- Apple Mac OS X version 10.5.8 and prior
- Apple Mac OS X version 10.6.3 and prior
- Apple Mac OS X Server version 10.5.8 and prior
- Apple Mac OS X Server version 10.6.3 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply Apple Security Update 2010-003 (Snow Leopard) :
http://support.apple.com/kb/DL1029Apply Apple Security Update 2010-003 (Leopard-Client) :
http://support.apple.com/kb/DL1027Apply Apple Security Update 2010-003 (Leopard-Server) :
http://support.apple.com/kb/DL1028
Vulnerability Identifier
Source
Share with