Apple has issued Security Update 2010-005, an 84 MB update that fixes a baker’s dozen flaws in Mac OS X 10.5 and 10.6, both client and server versions. One of the vulnerabilities that is corrected is described as follows:
A stack buffer overlow exists in Apple Type Services’ handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.
This flaw is similar to the “jailbreak vulnerability” that Apple fixed on its iOS. (We discussed the iOS update two weeks ago.)
Other fixes in this update cover networking, CoreGraphics, and update PHP to version 5.3.2.
Full information about the update is available here. You can get the update, as usual, through Software Update, or by download from Apple’s Downloads page.
