Apple eliminates CanSecWest Pwn2Own flaws
The two flaws, now patched by Apple, were used by Charlie Miller and a German researcher known only as "Nils" to launch successful drive-by download attacks against Apple's Safari browser at the CanSecWest Pwn2Own contest.
[ SEE: Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari ]
However, according to Apple's release notes, the bug exploited by Miller was not in Safari's own code but in ATS (Apple Type Services), the system font-handling component that a browser reaches when it renders a document carrying an embedded font:
- ATS (CVE-2009-0154): A heap buffer overflow exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking.
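The release note describes the fix only as "improved bounds checking" on CFF font handling. To make concrete what that class of check looks like, here is an added example that is not Apple's code and does not reproduce the actual ATS bug: a minimal reader for the CFF INDEX structure (count, offSize, an offset table, then object data, as defined in the CFF specification), shown once without any validation and once with every file-supplied number checked before it is used to size or index memory. The sample INDEX bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A CFF INDEX is: count (Card16, big-endian), offSize (1..4), count+1
 * big-endian offsets of offSize bytes each (1-based, the first is always 1),
 * then the object data. Object i occupies data[offset[i]-1 .. offset[i+1]-1).
 * Every number here comes from the font file and must be validated. */
typedef struct {
    const uint8_t *offsets;  /* count+1 packed offsets, NULL when count == 0 */
    const uint8_t *data;     /* start of the object data area */
    size_t         data_len; /* bytes actually present in the data area */
    uint16_t       count;
    uint8_t        off_size;
} cff_index_t;

static uint32_t read_be(const uint8_t *p, unsigned n) {
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Unchecked reader of the kind a bounds-checking fix replaces: it believes the
 * offsets in the file and copies into a fixed-size caller buffer, so a crafted
 * INDEX turns the memcpy into a heap overflow. For contrast only; never call it
 * on untrusted input. */
static size_t cff_index_get_unchecked(const uint8_t *buf, uint16_t i, uint8_t *out) {
    uint16_t count = (uint16_t)read_be(buf, 2);
    uint8_t off_size = buf[2];
    const uint8_t *offsets = buf + 3;
    const uint8_t *data = offsets + ((size_t)count + 1) * off_size;
    uint32_t start = read_be(offsets + (size_t)i * off_size, off_size) - 1;
    uint32_t end   = read_be(offsets + (size_t)(i + 1) * off_size, off_size) - 1;
    memcpy(out, data + start, end - start);  /* start, end and out size all unchecked */
    return end - start;
}

/* Hardened parser: validates header, offSize, offset-table size, offset order
 * and the final offset against the bytes actually present. 0 = ok, -1 = reject. */
int cff_index_parse(const uint8_t *buf, size_t len, cff_index_t *idx) {
    memset(idx, 0, sizeof *idx);
    if (len < 2) return -1;
    idx->count = (uint16_t)read_be(buf, 2);
    if (idx->count == 0) return 0;                    /* an empty INDEX is just the count */
    if (len < 3) return -1;
    idx->off_size = buf[2];
    if (idx->off_size < 1 || idx->off_size > 4) return -1;
    size_t n_off = (size_t)idx->count + 1;
    size_t off_bytes = n_off * idx->off_size;         /* at most 65536 * 4, cannot overflow */
    if (len - 3 < off_bytes) return -1;               /* offset table truncated */
    idx->offsets  = buf + 3;
    idx->data     = buf + 3 + off_bytes;
    idx->data_len = len - 3 - off_bytes;
    uint32_t prev = read_be(idx->offsets, idx->off_size);
    if (prev != 1) return -1;                         /* spec: first offset is 1 */
    for (size_t i = 1; i < n_off; i++) {
        uint32_t cur = read_be(idx->offsets + i * idx->off_size, idx->off_size);
        if (cur < prev) return -1;                    /* backwards offset => negative length */
        prev = cur;
    }
    if ((size_t)prev - 1 > idx->data_len) return -1;  /* last object runs past the buffer */
    return 0;
}

/* Copy object i into out. Returns bytes copied, or -1 if i is out of range or
 * out_cap is too small. Relies on the invariants cff_index_parse established. */
long cff_index_get(const cff_index_t *idx, uint16_t i, uint8_t *out, size_t out_cap) {
    if (i >= idx->count) return -1;
    uint32_t start = read_be(idx->offsets + (size_t)i * idx->off_size, idx->off_size) - 1;
    uint32_t end   = read_be(idx->offsets + (size_t)(i + 1) * idx->off_size, idx->off_size) - 1;
    size_t n = end - start;                           /* parse guaranteed start <= end <= data_len */
    if (n > out_cap) return -1;                       /* the check whose absence overflows out */
    memcpy(out, idx->data + start, n);
    return (long)n;
}

/* Constructed sample INDEXes for this example (not taken from any real font). */
const uint8_t GOOD_INDEX[]   = { 0x00,0x02, 0x01, 0x01,0x04,0x06, 'a','b','c','d','e' };
const uint8_t BAD_OVERLONG[] = { 0x00,0x02, 0x01, 0x01,0x04,0x09, 'a','b','c','d','e' }; /* last offset past data */
const uint8_t BAD_BACKWARD[] = { 0x00,0x02, 0x01, 0x01,0x05,0x04, 'a','b','c','d','e' }; /* offsets decrease */

int cff_index_is_wellformed(const uint8_t *buf, size_t len) {
    cff_index_t idx;
    return cff_index_parse(buf, len, &idx) == 0;
}

int main(void) {
    cff_index_t idx;
    uint8_t out[8];
    if (cff_index_parse(GOOD_INDEX, sizeof GOOD_INDEX, &idx) != 0) return 1;
    for (uint16_t i = 0; i < idx.count; i++) {
        long n = cff_index_get(&idx, i, out, sizeof out);
        printf("object %u: %ld bytes: %.*s\n", i, n, (int)n, (const char *)out);
    }
    /* On well-formed input the unchecked reader agrees; only crafted input separates them. */
    size_t n0 = cff_index_get_unchecked(GOOD_INDEX, 0, out);
    printf("unchecked reader, object 0: %zu bytes\n", n0);
    printf("overlong rejected: %d, backward rejected: %d, truncated rejected: %d\n",
           !cff_index_is_wellformed(BAD_OVERLONG, sizeof BAD_OVERLONG),
           !cff_index_is_wellformed(BAD_BACKWARD, sizeof BAD_BACKWARD),
           !cff_index_is_wellformed(GOOD_INDEX, 5));
    return 0;
}
```

The point of the hardened version is that the three crafted cases (an offset past the end of the data, a decreasing offset pair that yields a huge unsigned length, and a truncated offset table) are all rejected at parse time, and the copy routine additionally refuses an object larger than the destination buffer. The unchecked reader produces identical output on the well-formed sample, which is why bugs of this class survive ordinary testing with legitimate fonts.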
The vulnerability used during Nils' exploit affected WebKit:
- CVE-2009-0945: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking.
Mozilla was the first vendor to issue a fix for its Pwn2Own embarrassment. Microsoft has yet to fix the vulnerability that was exploited via Internet Explorer.