Apple Mac OS X ATS contains a memory corruption vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apple Mac OS X ATS (Apple Type Services) fails to properly handle malformed data-font (.dfont) files, resulting in memory corruption.
By convincing a user to open a specially-crafted font in Font Book, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Apply an update
This issue is addressed in OS X Lion v10.7.3 and Security Update 2012-001.
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2012-02-02|
|Date Last Updated:||2012-03-28 14:53 UTC|