Apple plugs PDF hole with OSX security update

Evil fonts ousted

Apple has posted a security update to its OSX operating system which patches a well-publicised flaw in Adobe's PDF software.

OSX Security Update 2010-005 - which is available via Software Update or direct from Apple plugs a hole which allowed maliciously-crafted PDF files, fonts and PNG images to execute arbitrary code due to a stack buffer overflow.

The update also prevents man-in-the-middle attackers from grabbing user credentials through anonymous TLS/SSL connections or redirecting connections, as well as a number of other issues with CFNetwork, ClamAV, CoreGraphics, libsecurity and Samba.

The update, which weighs in at 84MB if you are using the latest version of OSX and are up to date with previous patches, is available for  Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 and Mac OS X Server v10.6.4.