Apple Releases Mac OS X Security Update 2010-005 - Fixes OS X PDF Exploit
Apple has released a Security Update today for Mac OS X Server 10.5, Mac OS X 10.5.8, Mac OS X Server 10.6, and Mac OS X 10.6.4, which addresses issues in the following software:
CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, Samba
Full changes are detailed on Apple's support site.
Most notably, the patch addresses a Core Graphics PDF exploit which apparently is the same security hole that was used in the JailbreakMe website for iOS.
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) for reporting this issue.
The update is recommended for all Mac OS X customers.