Mac OS X Leopard Bug Remains Unfixed, Core Security Warns

Core Security Technologies has issued an advisory days ahead of Apple’s Mac OS X 10.6.5 release, revealing information about a vulnerability that remains unfixed in Mac OS X 10.5.8, the latest version of Apple’s Leopard operating system for desktop and laptop computers.

Entitled “Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch” the vulnerability has been used to create jailbreaking software for iOS devices. It is remotely exploitable, according to Core Security.

Apple has been aware of the bug for some time, and has even developed a patch for it, but has missed two promised deadlines to release it, according to the security firm.

“The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure,” Core Security writes.

“This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font (Compact Font Format [1]),” reads their advisory.

“This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation),” the note reveals.

Mac OS X v10.5.x is affected by the vulnerability, while Mac OS X 10.6.x, Snow Leopard, remains unaffected.

The security expert notes that a patch for this fix has already been developed, citing information provided by Apple itself.

“Apple provided us a release date for this patch in two opportunities but then failed to meet their our deadlines without giving us any notice or explanation,” the company writes.

“Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible,” Core Security outlines.

Finally, the security firm credits Anibal Sacco and Matias Eissler for discovering and investigating the bug, both of whom are Core Security Technologies employees.