The Cupertino company has posted a patch to fix a vulnerability discovered by Charlie Miller in the last Pwn2Onw CanSecWest.
This failure has allowed Miller to gain control of the machine, just using Safari. However as we all know the contest organizers do not allow full disclosure of methods and exploits, but the houses directly affected.
Patch CVE-2010-1120 corrects the problem that plagues the system font management in Apple Type Service . Viewing or downloading a document containing a font written ad hoc're ready to allow execution of arbitrary code.
Source: ZDNet
0 comments:
Post a Comment