Aug 25, 2010 07:46 GMT

The Cupertino, California-based maker of the Mac has released this year’s fifth security update for the operating system powering its computers. Security Update 2010-005 patches a total of 13 holes, which Apple describes in detail in the Support area of its website.

Security Update 2010-005 is available for both Mac OS X 10.5 Leopard and Mac OS X 10.6 Snow Leopard.

Client and Server versions of the update have been created by Apple, which means there are four separate downloads listed on the Apple Support site.

“Security Update 2010-005 is recommended for all users and improves the security of Mac OS X,” Apple states.

“Previous security updates have been incorporated into this security update,” the company outlines.

As usual, a Support document containing details on the update is also provided.

Technote HT4312 sheds light on the issues fixed by Security Update 2010-005, beginning with an ATS flaw.

Affecting Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, and Mac OS X Server v10.6.4, “a stack buffer overflow exists in Apple Type Services' handling of embedded fonts.”

“Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution,” Apple explains.

“This issue is addressed through improved bounds checking,” the Mac maker notes.

Perhaps the most important fix of all relates to CoreGraphics, where Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) found that opening a maliciously crafted PDF file could lead to an unexpected application termination or arbitrary code execution.

“A heap buffer overflow exists in CoreGraphics' handling of PDF files,” Apple elaborates.

“Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution,” it outlines.

“This issue is addressed through improved bounds checking,” Apple says.

The Mac maker credits Branco for reporting this issue and moves on to mention the rest of the patched bugs.

Also noteworthy, Mac OS X v10.6.4 and Mac OS X Server v10.6.4 are affected by multiple vulnerabilities in PHP 5.3.1.

The most serious of them may lead to arbitrary code execution, Apple says. To address this, PHP is updated to version 5.3.2 in Security Update 2010-005.

The PHP website (http://www.php.net/) reportedly holds more information.
