APPLE-SA-2010-04-14-1 Security Update 2010-003  
Wednesday, April 14, 2010 at 06:25PM
drStrangeP0rk in Apple, Mac OSX 10.5, Mac OSX 10.6, Updates

Apple has released a security update for Mac OSX 10.6.x client/server and an update for Mac OSX 10.5.x  client/server to address the unchecked issue in Apple Type Services (ATS) discovered by Charlie Miller. Due to uncheck indexing within ATS maliciously crafted embedded fonts will result in application failure and arbitrary code execution. ATS is a legacy framework, currently CoreText is used for Unicode. ATS is prone to various memory-corruption issues as well and is used across various applications so users need to perform this update, Apple recommends developers use Core Text and Core Graphics. It is safe to say that based on the information provided that someone with malicious intent can produce this exploit.

http://developer.apple.com/mac/library/documentation/Carbon/Conceptual/Carbon64BitGuide/OtherAPIChanges/OtherAPIChanges.html

http://support.apple.com/downloads/

Update on Wednesday, April 14, 2010 at 09:07PM by Registered CommenterdrStrangeP0rk

This is an important update, also the update will require a restart when done. 

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.