Apple releases Leopard, Snow Leopard Security Update 2010-003
By David Chartier, Macworld
Apple on Wednesday released a security update for users of Mac OS X 10.5 Leopard and 10.6 Snow Leopard.
Security Update 2010-003 for
Leopard Client, and
Leopard Server fixes exactly one vulnerability: the potential execution of arbitrary code when viewing or even just downloading a document with a maliciously-crafted embedded font.
knowledge base document on the update, the company credits security researcher Charlie Miller for the find. Miller has won the annual Pwn2Own contest by taking over Macs
years in a
row. Last year, he also
discovered a rather nasty SMS vulnerability that could allow a malicious hacker to install and run unsigned code on an iPhone, complete with root access.
The Security Update 2010-003 for Snow Leopard weighs in at 6.5MB and requires Mac OS X 10.6.3 or later; the 219MB Leopard client and 379MB server versions require Mac OS X 10.5.8 and Mac OS X Server 10.5.8 respectively.