The update affects client and server versions of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard).
It includes a fix for a stack buffer overflow bug in Apple Type Services' handling of embedded fonts, which may lead to arbitrary code execution, according to Apple's advisory. The vulnerability could be exploited if a user is tricked into viewing or downloading a document containing a maliciously crafted embedded font.
The flaw is similar to a vulnerability patched earlier this month in Apple's mobile operating system, iOS, that was exploited to jailbreak iPhone, iPad and iPod Touch devices, researchers at Mac security firm Intego wrote in a blog post Wednesday.
The update also includes fixes for bugs in several other OS X components, including CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP and Samba. Those vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain, according to an advisory posted Wednesday by US-CERT.
This is the fifth OS X security update this year.
