Mac OS X Apple Type Services Font Processing Index Validation Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1023885
SecurityTracker URL: http://securitytracker.com/id/1023885
CVE Reference: CVE-2010-1120
Updated: Apr 15 2010
Original Entry Date: Apr 14 2010
Impact:
Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10.6.3 and prior versions
Description:
A vulnerability was reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a document containing a specially crafted embedded font that, when viewed or downloaded by the target user, will execute arbitrary code on the target system.
Charlie Miller reported this vulnerability via TippingPoint's Zero Day Initiative.
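The title's "index validation error" and the "Boundary error" cause describe one defect class: a record index read from the embedded font is used to address a table without first being compared against the table's real size. The C program below is an added illustration written for this entry; it is not ATS code, and the font-table layout it parses (a 16-bit big-endian record count followed by 4-byte glyph records) is a constructed stand-in, not any real font format. It places the unchecked lookup beside a checked one that validates the index against both the declared count and the bytes actually present, so a forged count cannot carry the read past the end of the data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed table layout used only for this illustration:
 * a 16-bit big-endian record count, then 4-byte records of
 * {glyph_id:u16, advance:u16}. Not ATS's or any real font structure. */
#define HDR_LEN 2
#define REC_LEN 4

typedef struct {
    const uint8_t *data;  /* start of the embedded font blob */
    size_t len;           /* bytes actually present in the document */
} font_blob_t;

/* Read a 16-bit big-endian value. The caller guarantees bounds. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* 'Before': the index comes from attacker-controlled font data and is
 * used to address the record table with no comparison against the table
 * size, so an index past the last record reads outside the blob.
 * The wrappers below only ever call this with an in-range index. */
uint16_t advance_unchecked(const font_blob_t *f, uint16_t idx)
{
    const uint8_t *rec = f->data + HDR_LEN + (size_t)idx * REC_LEN;
    return rd16(rec + 2);
}

/* 'After': validate the index against the declared record count, then
 * the resulting offset against the bytes actually present, so neither an
 * oversized index nor a forged count can move the read past the blob. */
bool advance_checked(const font_blob_t *f, uint16_t idx, uint16_t *out)
{
    if (f->len < HDR_LEN)
        return false;                       /* no room for the count */
    uint16_t count = rd16(f->data);
    if (idx >= count)
        return false;                       /* index past declared table */
    size_t end = HDR_LEN + ((size_t)idx + 1) * REC_LEN;
    if (end > f->len)
        return false;                       /* declared count exceeds data */
    *out = rd16(f->data + HDR_LEN + (size_t)idx * REC_LEN + 2);
    return true;
}

/* Constructed sample: two well-formed records. */
static const uint8_t SAMPLE_FONT[] = {
    0x00, 0x02,              /* count = 2 */
    0x00, 0x41, 0x02, 0x58,  /* glyph 0x41, advance 600 */
    0x00, 0x42, 0x01, 0xF4,  /* glyph 0x42, advance 500 */
};

/* Constructed sample: the count claims 16 records but only one follows. */
static const uint8_t FORGED_FONT[] = {
    0x00, 0x10,
    0x00, 0x41, 0x02, 0x58,
};

/* Wrappers returning the advance for an index, or -1 when rejected. */
int sample_advance(uint16_t idx)
{
    font_blob_t f = { SAMPLE_FONT, sizeof SAMPLE_FONT };
    uint16_t v;
    return advance_checked(&f, idx, &v) ? (int)v : -1;
}

int forged_advance(uint16_t idx)
{
    font_blob_t f = { FORGED_FONT, sizeof FORGED_FONT };
    uint16_t v;
    return advance_checked(&f, idx, &v) ? (int)v : -1;
}

/* Unchecked path on the well-formed sample, for comparison only. */
int sample_advance_unchecked_inrange(uint16_t idx)
{
    font_blob_t f = { SAMPLE_FONT, sizeof SAMPLE_FONT };
    if (idx >= 2)
        return -1;  /* guard so this demo never performs the OOB read */
    return (int)advance_unchecked(&f, idx);
}

int main(void)
{
    uint16_t probes[] = { 0, 1, 2, 0xFFFF };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("sample idx %u -> %d\n", (unsigned)probes[i],
               sample_advance(probes[i]));
    printf("forged idx 0 -> %d\n", forged_advance(0));
    printf("forged idx 1 -> %d (count forged, data too short)\n",
           forged_advance(1));
    return 0;
}
```

The second check in advance_checked is the one most often forgotten: trusting the count field alone only moves the boundary error from the index to the header, so the lookup must also be bounded by the number of bytes the document actually delivered.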
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued a fix (Security Update 2010-003) available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
For Mac OS X v10.6.3 and Mac OS X Server v10.6.3
The download file is named: SecUpd2010-003Snow.dmg
Its SHA-1 digest is: aa1579322ef07a1637b35a3ac02612ca5a22a74a
For Mac OS X v10.5.8
The download file is named: SecUpd2010-003.dmg
Its SHA-1 digest is: 3f82f68f5a96a0c103fcc3ad88da9451b48def08
For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-003.dmg
Its SHA-1 digest is: bc299a8932d02cf8e10bdb82ca6f21908d9ba50a
The vendor's advisory is available at:
http://support.apple.com/kb/HT4131
Vendor URL: support.apple.com/kb/HT4131
Cause:
Boundary error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Wed, 14 Apr 2010 20:32:49 +0000
Subject: Apple Mac OS X Apple Type Services
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-04-14-1 Security Update 2010-003
Security Update 2010-003 is now available and addresses the
following:
ATS
CVE-ID: CVE-2010-1120
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.3, Mac OS X Server v10.6.3
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: An unchecked index issue exists in Apple Type Services'
handling of embedded fonts. Viewing or downloading a document
containing a maliciously crafted embedded font may lead to arbitrary
code execution. This issue is addressed through improved index
checking. Credit to Charlie Miller working with TippingPoint's Zero
Day Initiative for reporting this issue.
Security Update 2010-003 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6.3 and Mac OS X Server v10.6.3
The download file is named: SecUpd2010-003Snow.dmg
Its SHA-1 digest is: aa1579322ef07a1637b35a3ac02612ca5a22a74a
For Mac OS X v10.5.8
The download file is named: SecUpd2010-003.dmg
Its SHA-1 digest is: 3f82f68f5a96a0c103fcc3ad88da9451b48def08
For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-003.dmg
Its SHA-1 digest is: bc299a8932d02cf8e10bdb82ca6f21908d9ba50a
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJLxOTRAAoJEHkodeiKZIkB2uUH/0saBGpRetrfTEe+deMk6ExP
56eswhN8b9jxfhtB0yQK42q/uty1pE25BC+WMcGYvdzMJnYMjgK3OYsfbbNwtoCU
n1pZYCcdCmGI/CiNxrgfnt9mB00WZdLSjVxXkYL257ARPzU4Mz65M+XHaWepeQQm
Y8kG2U3bxTJ5BRymYShyCy/UP9g/xWfgDa2YS9YlDlG5FS60TrqwK/Lm4IgIYwj/
ySoUkQB/u9w3ROwjVq0MoINftTwBu2sPsMt4LbDhwYh43iHZ/hX3yK8pI6Go0TIm
CyELCTE3K05tDwlKtKZUlU4V0Ye9TWzYQD1g67zlpW5gVpOolMk1E3UYUhgv+/U=
=tYIA
-----END PGP SIGNATURE-----