Skip to main content

Apple Mac OS X ATS Font Processing Invalid Index Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 16 Apr 2010 5430 Views

RISK: Medium Risk

A vulnerability has been identified in Apple Mac OS X, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an invalid index within the Apple Type Services (ATS) when processing embedded fonts via the "TType1ParsingContext::SpecialEncoding()" function in "libFontParser.dylib", which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted document (e.g. PDF).


Impact

  • Remote Code Execution

System / Technologies affected

  • Apple Mac OS X version 10.5.8 and prior
  • Apple Mac OS X version 10.6.3 and prior
  • Apple Mac OS X Server version 10.5.8 and prior
  • Apple Mac OS X Server version 10.6.3 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply Apple Security Update 2010-003 (Snow Leopard) :
http://support.apple.com/kb/DL1029

Apply Apple Security Update 2010-003 (Leopard-Client) :
http://support.apple.com/kb/DL1027

Apply Apple Security Update 2010-003 (Leopard-Server) :
http://support.apple.com/kb/DL1028


Vulnerability Identifier


Source