Apple released security update to patch PDF exploit
Apple Inc. released a security update to fix a critical PDF vulnerability on Mac OS X. The patch is named Security Update 2010-005, and it addresses a ‘heap buffer overflow’ in the way CoreGraphics handles PDF files.
The vulnerability allowed attackers to use a malicious PDF file, which could result in arbitrary code execution and unexpected termination of the application.
Security Update 2010-005 also includes a fix for a ‘stack buffer overflow’ that would allow attacks through a malicious embedded font. However, it is unclear whether Security Update 2010-005 is related to the PDF exploit found on iOS 4, which resulted in the hacking of iPhones. Apple already released a fix for iOS 4 on August 11, 2010.
Security Update 2010-005 applies to Mac OS X Server 10.5, Mac OS X 10.5.8, Mac OS X Server 10.6, and Mac OS X 10.6.4.
The security update is available for download at http://support.apple.com/kb/HT4312