Mac OS X Security Hole Exploited at PWN2OWN Plugged
Article by George Norman
On 16 Apr 2010
This year, during the PWN2OWN competition, hacker Charlie Miller managed to crack into a MacBook using Safari and a drive-by download exploit. For this Charlie Miller received a prize of $10,000. The vulnerability that was exploited by Charlie Miller to hack the MacBook has now been addressed by Apple.

The Cupertino-based software developer released Security Update 2010-003 to Mac OS X 10.5, Mac OS X 10.6, Mac OS X Server 10.5 and Mac OS X Server 10.6 users. The update can be downloaded by selecting “Software Update” from the Apple menu. Or it can be manually downloaded from Apple here.


Here are the details about Security Update 2010-003 that Apple made public:

CVE-ID: CVE-2010-1120
Affected software: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3
Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution
Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking.
Credit: Charlie Miller of TippingPoint's Zero Day Initiative.

In the case of the Snow Leopard, the update weighs in at a mere 6.5MB, so it should take but a moment to download. In the case of the Leopard, the client and server updates weigh in at 219MB and 380MB respectively. So, downloading them may take some time.

While you wait perhaps you would like to know that Intego, company that specializes in providing security solutions for Mac, has recently released VirusBarrier Server 3. Based on VirusBarrier X6, VirusBarrier Server 3 has improved detection methods and new threat-detection techniques to offer. It comes with full antivirus and antimalware protection, a two-way firewall, anti-intrusion features and a lot more – see here.

Tags: Apple, Mac OS X, Vulnerability, Security, Update, Security Update 2010-003
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Mac OS X Security Hole Exploited at PWN2OWN Plugged
HTML Linking Code