Issue with viewing or downloading a document containing a maliciously crafted embedded font now patched

Apr 15, 2010 07:01 GMT

Alongside the flurry of other software updates that recently emerged from Cupertino, Apple has published Security Update 2010-003, which can now be downloaded from the Support Downloads section of Apple’s website.

Available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3 and Mac OS X Server v10.6.3, Security Update 2010-003 patches a single issue, on both the client and server editions of Leopard and Snow Leopard. “Security Update 2010-003 is recommended for all users and improves the security of Mac OS X,” Apple explains. “Previous security updates have been incorporated into this security update,” the Mac maker adds.

Apple’s support note lists only those four releases as affected; Mac OS X 10.4 Tiger is not among them, so Tiger users appear to be unaffected by the issue. The bug’s summary reads: “Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.”

In the more detailed description, Apple states: “An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking.” In other words, an index taken from the font data was used to address memory without first being compared against the bounds of the structure it indexes, so a crafted font could steer that access out of range; the fix adds the missing check. Because the font is parsed as soon as the document is rendered, the only user interaction required is viewing the document. Apple credits Charlie Miller, working with TippingPoint's Zero Day Initiative, for reporting the issue, which was his Pwn2Own finding.
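To make the bug class concrete, the following is an added illustration written for this article, not Apple's code and not the real Apple Type Services font format: a toy embedded-font parser in C with the unchecked index lookup beside a bounds-checked version, both run against a constructed crafted font whose declared glyph count is two but which places attacker-chosen bytes exactly where a third table entry would sit. The format, function names and sample bytes are all invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed toy format (not Apple Type Services or any real font format):
 *   u16 LE glyph_count
 *   u16 LE offsets[glyph_count]   -- byte offset of each glyph's data
 *   glyph data...
 * The document tells the renderer which glyph to draw; the parser looks that
 * glyph's offset up in the table. The bug class is an index taken from the
 * untrusted font/document and used without being compared to glyph_count.
 */

static uint16_t read_u16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable path: the glyph index is never compared to glyph_count, so an
 * index >= glyph_count reads whatever bytes follow the table (here, bytes the
 * font author controls) and returns them as a trusted offset. */
uint16_t glyph_offset_unchecked(const uint8_t *font, uint16_t glyph) {
    return read_u16le(font + 2 + 2 * (size_t)glyph);
}

/* Hardened path: reject an index at or beyond the declared count, a table
 * that does not fit in the buffer, and an offset that points outside the
 * glyph data region. Returns 0 on success, -1 on rejection. */
int glyph_offset_checked(const uint8_t *font, size_t font_len,
                         uint16_t glyph, uint16_t *out) {
    if (font_len < 2) return -1;
    uint16_t count = read_u16le(font);
    if (glyph >= count) return -1;                       /* the missing index check */
    size_t table_end = 2 + 2 * (size_t)count;
    if (table_end > font_len) return -1;                 /* table itself truncated */
    uint16_t off = read_u16le(font + 2 + 2 * (size_t)glyph);
    if (off < table_end || off >= font_len) return -1;   /* offset must land in glyph data */
    *out = off;
    return 0;
}

/* Constructed crafted font: declares two glyphs, but the two bytes right after
 * the table are attacker-chosen and sit exactly where "offsets[2]" would be. */
static const uint8_t crafted_font[] = {
    0x02, 0x00,   /* glyph_count = 2                    (bytes 0-1)   */
    0x0a, 0x00,   /* offsets[0] = 10                    (bytes 2-3)   */
    0x0c, 0x00,   /* offsets[1] = 12                    (bytes 4-5)   */
    0xff, 0xff,   /* attacker bytes read as offsets[2]  (bytes 6-7)   */
    0x00, 0x00,   /* padding                            (bytes 8-9)   */
    0x41, 0x41,   /* glyph 0 data                       (bytes 10-11) */
    0x42, 0x42,   /* glyph 1 data                       (bytes 12-13) */
};

/* Wrappers over the crafted font so both paths can be compared for one index.
 * Only call the unchecked wrapper with glyph <= 5: larger values leave the
 * 14-byte buffer entirely, which is the real bug but undefined behaviour here. */
int crafted_lookup_unchecked(uint16_t glyph) {
    return glyph_offset_unchecked(crafted_font, glyph);
}

int crafted_lookup_checked(uint16_t glyph) {
    uint16_t off;
    if (glyph_offset_checked(crafted_font, sizeof crafted_font, glyph, &off) != 0)
        return -1;
    return off;
}

int main(void) {
    /* Index 2 is one past the declared table: the unchecked path hands back
     * the attacker's 0xffff as an offset, the checked path rejects it. */
    for (uint16_t g = 0; g <= 2; g++) {
        printf("glyph %u: unchecked -> %d, checked -> %d\n",
               (unsigned)g, crafted_lookup_unchecked(g), crafted_lookup_checked(g));
    }
    return 0;
}
```

The point of the second check on the returned offset is that a real parser would go on to use it to address glyph data; an index check alone stops the out-of-range table read, but validating every value that later becomes a pointer or length is what keeps a crafted file from turning one bad read into a controlled write.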

Download Apple Security Update 2010-003 Client (Free)

Download Apple Security Update 2010-003 Server (Free)