Pwn2Own exploit in OS X patched

Apple has responded to the security exploits in the recent Pwn2Own hacking competition by releasing a security patch for its OS X operating system.

Read on for more information.

If there’s one word in this world to remind Mac users that their operating system ia not as protected and resilient against security exploits as they think it is, it has to be “Pwn2Own”, where hackers have proven OS X’s security shortcomings on an annual basis.

And the fix that was released a day ago was specially made to combat a particular exploit which made its appearance in the first day of the recently-held Pwn2Own competition. According to Apple’s support page, Security Update 2010-003 fixes an “unchecked index issue exist(ing) in Apple Type Services’ handling of embedded fonts”.

While many believed that the security flaw lies in the Safari browser, Ars Technica said in their article that the problem actually lies in the Apple Type Services, which is used by Safari.

And if you were perceptive enough, you would have realized that Apple credited Charlie Miller for “working with TippingPoint’s Zero Day Initiative for reporting this issue” in their support page. Now this would be fine and all, except that we posted an article sometime back in which Charlie Miller claims that he would not be handing over any of the vulnerabilities found to the respective companies in the competition. Maybe the guy had a change of heart?

Source: Apple Support Page via Ars Technica

VR-Zone is a leading online technology news publication reporting on bleeding edge trends in PC and mobile gadgets, with in-depth reviews and commentaries.