While all the marketing claims that only Microsoft’s Windows has security problems and that OS X is as secure as Fort Knox, Jobs has signed off on a patch which fixes a whopping 13 vulnerabilities.
The release fixes issues in several components, including CoreGraphics and Apple Type Services. Several of the vulnerabilities cause buffer overflows and can be exploited to execute arbitrary code. Of course, no one ever hacks Apple machines, so the patches are probably cosmetic.
Apple’s advisory claims that the Apple Type Services (ATS) bug can be triggered by viewing or downloading a document containing a malicious embedded font. If exploited, it could let hackers run code. Apple said it fixed the issue through improved bounds checking.
A heap buffer overflow due to CoreGraphics’ handling of PDF files can also be exploited by attackers to run arbitrary code, and was likewise addressed with improved bounds checking.
Six of the vulnerabilities affect PHP. One can be exploited via a malicious PNG image, and does not affect systems prior to Mac OS X v10.
While we welcome the fact that Jobs has finally worked out that OS X is insecure, it would be nice if he dropped the marketing pitch that claims that users are protected from malware thanks to his aura.