Apple released a security update Aug. 24 that fixes 13 vulnerabilities.
Apple released a security
update for Mac OS X that patches 13 vulnerabilities.
The release fixes issues in
several components, including CoreGraphics and Apple Type Services. Several of
the vulnerabilities are buffer overflows that could be exploited to execute
According to the Apple advisory
the ATS (Apple Type Services) bug can be triggered by viewing or downloading a
document containing a malicious embedded font. If exploited, hackers could use
it to run code. Apple said it fixed the issue through improved bounds checking.
A heap buffer overflow due
to Core Graphics'
handling of PDF files can also be
exploited by attackers to run arbitrary code, and the problem was likewise
addressed with improved bounds checking.
Five of the vulnerabilities
affect PHP, and were addressed by updating to PHP 5.3.1. A sixth PHP bug-a
buffer overflow in PHP's libpng library-was swatted by updating libpng within
PHP to version 1.4.3. That last issue can be exploited via a malicious PNG image, and does not affect systems
prior to Mac OS X v10, according to the advisory.
Other components affected
by the update include CFNetwork, libsecurity, Samba and ClamAV.