Vulnerability in Apple's CoreGraphics Discovered by Check Point IPS Research Team
Vulnerability
Apple released Security Update 2010-005 (described in Apple article HT4312) in late August 2010 that addresses a number of Mac OS X issues, including a vulnerability in the CoreGraphics framework that was discovered by a member of the Check Point IPS Research Team. This flaw can be exploited by an attacker sending a maliciously crafted PDF file to the user.
Details
The CoreGraphics framework in Mac OS X includes the “Quartz” vector drawing system that is used to render PDF files for viewing. A heap buffer overflow condition in CoreGraphics can allow a malformed PDF file to cause an unexpected application termination or allow arbitrary code execution, allowing an attacker to take complete control of the affected system.
Affected Products
This vulnerability exists in Mac OS X and Mac OS X Server versions 10.5.8 and 10.6.4.
Solution
Check Point recommends downloading and installing the Apple Security Update as described above. For unpatched systems, Check Point IPS Software Blade has provided preemptive protection against this vulnerability since early July 2010 by detecting and blocking PDF files that contain a malformed JBIG2 structure. For more information, see CPAI-2010-255.
Acknowledgements
Acknowledgements go to Rodrigo Rubira Branco, a member of the Check Point IPS Research Team, for discovering and reporting the CoreGraphics vulnerability.
The Check Point IPS Research team conducts original research on network, protocol and application vulnerabilities. The team also actively monitors and where appropriate communicates with white, black and grayhat communities to identify vulnerabilities and potential exploits before they are introduced into the wild. This research is used to develop and disseminate defenses through relevant Update Services components.
Published September 1, 2010