Mac OS X Security Hole Exploited at PWN2OWN Plugged
This year, during the PWN2OWN competition, hacker Charlie Miller managed to crack into a MacBook using Safari and a drive-by download exploit. For this Charlie Miller received a prize of $10,000. The vulnerability that was exploited by Charlie Miller to hack the MacBook has now been addressed by Apple.
The Cupertino-based software developer released Security Update 2010-003 to Mac OS X 10.5, Mac OS X 10.6, Mac OS X Server 10.5 and Mac OS X Server 10.6 users. The update can be downloaded by selecting “Software Update” from the Apple menu. Or it can be manually downloaded from Apple here.
SPONSORED LINKS
Here are the details about Security Update 2010-003 that Apple made public:
CVE-ID: CVE-2010-1120 Affected software: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit: Charlie Miller of TippingPoint's Zero Day Initiative.
In the case of the Snow Leopard, the update weighs in at a mere 6.5MB, so it should take but a moment to download. In the case of the Leopard, the client and server updates weigh in at 219MB and 380MB respectively. So, downloading them may take some time.
While you wait perhaps you would like to know that Intego, company that specializes in providing security solutions for Mac, has recently released VirusBarrier Server 3. Based on VirusBarrier X6, VirusBarrier Server 3 has improved detection methods and new threat-detection techniques to offer. It comes with full antivirus and antimalware protection, a two-way firewall, anti-intrusion features and a lot more – see here.