Year after year, security researcher Charlie Miller is able to find vulnerabilities in Apple's software. But it's usually not until Apple has issued a patch that the public gets clued into how Miller was able to find the exploit.
Miller demonstrated his most recent Apple discovery at the 2010 CanSecWest security conference during the Pwn2own hacking competition, in which security researchers probe popular Web browsers for vulnerabilities. As per the contest rules, full details on the flaw were not immediately made public. Instead, details were handed over to Apple so the company could issue a fix. That fix is now available, providing clues as to the exact nature of the flaw.
At Pwn2own, Miller found the vulnerability in Apple's Safari browser running on Mac OS X 10.6, a.k.a., "Snow Leopard." The vulnerable component turns out to be in Apple's Type Services (ATS) function.
"An unchecked index issue exists in Apple Type Services' handling of embedded fonts," Apple said in a security advisory. "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Apple has now addressed the ATS issue by way of improved index checking, it added, and its update this week includes fixes for both the latest Snow Leopard 10.6.3 release, as well as the older Leopard 10.5.8 operating system.
Miller's finding is only the most recent vulnerability he's uncovered in Apple software at Pwn2own, having also found an exploit during the 2009 contest.
Meanwhile, Apple's Pwn2own fix follows a patch issued earlier this month by Mozilla for its Firefox Web browser, which was also found to be vulnerable to attack during the event.