This article was published on November 11, 2010

Apple Finally Patches Critical Security Hole in OS X Leopard

Story by Tris Hussey

Author, speaker, teacher, & Internet rogue. Author of Create Your Own Blog, Using WordPress, & Teach Yourself Foursquare in 10 Minutes.

After being publicly outed by the security company that brought the flaw to Apple’s attention, Apple has released a patch to OS X Leopard (10.5) to fix the critical vulnerability in how CFF font files are handled:

Apple on Wednesday released Security Update 2010-007, bringing the same security patches included in the recent Mac OS X 10.6.5 release to Macs running 10.5 Leopard client or server versions.

Among the more prominent fixes included in the update is a fix for a bug in Apple Type Services which could allow the downloading of a maliciously crafted font file to lead to arbitrary code execution. That bug, originally caught by security firm Core Security, was similar to a vulnerability in Apple’s iOS that allowed hackers to jailbreak devices running that software. Apple patched the flaw in an iOS update

via Security Update 2010-007 patches Mac OS X 10.5 | Operating Systems | MacUser | Macworld.

This flaw, if you remember, was patched in iOS over the summer (which neutered many jailbreak tools), and Snow Leopard isn’t affected by the flaw because fonts are handled differently in 10.6. If you have OS X 10.5 Leopard, you should go to the Apple menu and check for updates now to get the patch.