Late Tuesday, Apple released Security Update 2010-05 for Mac OS X 10.5.x and Mac OS X 10.6.x. The update, which ranges from 80.6 megabytes to over 400 megabytes as a download, adds a slew of security fixes and changes, as summarized here.
More specifically, the update addresses a “heap buffer overflow” in the way CoreGraphics handles PDF files, which could allow “unexpected application termination or arbitrary code execution” through a malicious PDF file, as well as a “stack buffer overflow” that would allow arbitrary code execution through a malicious embedded font. Both the PDF and the font vulnerabilities are fixed through “improved bounds checking.”
The update requires Mac OS X 10.5.8 on the Mac OS X 10.5 end and Mac OS X 10.6.4 on the Mac OS X 10.6 end to install and run, and it can be located and installed via Mac OS X’s Software Update feature.
If you’ve tried the update and noticed any major changes, let us know.