Apple has released a security update that fixes a number of issues in several components, including CoreGraphics and Apple Type Services. Several of the vulnerabilities are buffer overflows, and can be exploited to execute arbitrary code.
According to the Apple advisory, the Apple Type Services (ATS) bug can be triggered by viewing or downloading a document containing a malicious embedded font. If exploited, hackers could use it to run code.
A heap buffer overflow due to CoreGraphics’ handling of PDF files can also be exploited by attackers to run arbitrary code, and was likewise addressed with improved bounds checking.
Five of the vulnerabilities affect PHP, and were addressed by updating to PHP 5.3.1. A sixth PHP bug – a buffer overflow in PHP’s libpng library – was swatted by updating libpng within PHP to version 1.4.3. That last issue can be exploited via a malicious PNG image, and does not affect systems prior to Mac OS X v10, according to the advisory.
Other components affected by the update include: CFNetwork, libsecurity, Samba and ClamAV.
Welcome to Silicon UK: AI for Your Business Podcast. Today, we explore how AI can…
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…
