site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-04-14-1 Security Update 2010-003 Security Update 2010-003 is now available and addresses the following: ATS CVE-ID: CVE-2010-1120 Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved index checking. Credit to Charlie Miller working with TippingPoint's Zero Day Initiative for reporting this issue. Security Update 2010-003 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6.3 and Mac OS X Server v10.6.3 The download file is named: SecUpd2010-003Snow.dmg Its SHA-1 digest is: aa1579322ef07a1637b35a3ac02612ca5a22a74a For Mac OS X v10.5.8 The download file is named: SecUpd2010-003.dmg Its SHA-1 digest is: 3f82f68f5a96a0c103fcc3ad88da9451b48def08 For Mac OS X Server v10.5.8 The download file is named: SecUpdSrvr2010-003.dmg Its SHA-1 digest is: bc299a8932d02cf8e10bdb82ca6f21908d9ba50a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJLxOTRAAoJEHkodeiKZIkB2uUH/0saBGpRetrfTEe+deMk6ExP 56eswhN8b9jxfhtB0yQK42q/uty1pE25BC+WMcGYvdzMJnYMjgK3OYsfbbNwtoCU n1pZYCcdCmGI/CiNxrgfnt9mB00WZdLSjVxXkYL257ARPzU4Mz65M+XHaWepeQQm Y8kG2U3bxTJ5BRymYShyCy/UP9g/xWfgDa2YS9YlDlG5FS60TrqwK/Lm4IgIYwj/ ySoUkQB/u9w3ROwjVq0MoINftTwBu2sPsMt4LbDhwYh43iHZ/hX3yK8pI6Go0TIm CyELCTE3K05tDwlKtKZUlU4V0Ye9TWzYQD1g67zlpW5gVpOolMk1E3UYUhgv+/U= =tYIA -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com