A vulnerability has been reported in Apple Mac OS X, which can be
exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an indexing error in Apple Type
Services within the “TType1ParsingContext::SpecialEncoding()” method
in libFontParser.dylib when parsing embedded fonts. This can be
exploited to corrupt memory e.g. via a specially crafted PDF file
opened in Preview.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in Mac OS X Server 10.5, Mac OS X 10.5,
Mac OS X 10.6, and Mac OS X Server 10.6.
Apply Security Update 2010-003.
Reference: CVE-2010-1120 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1120
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.