Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apple Mac OS X CoreText is a text layout and font processing engine that is used to handle embedded fonts.CoreText contains a use-after-free vulnerability that can allow arbitrary code execution.
By convincing a user to open a document with a specially-crafted embedded font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Apply an update
This issue is addressed in OS X Lion v10.7.3 and Security Update 2012-001.
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2012-02-02|
|Date Last Updated:||2012-03-28 14:54 UTC|