More Security Updates from Apple and Cicso
This morning brings a new round of security advisories and updates from both Apple and Cisco, according to US-CERT.
On the consumer side, Apple has released Security Update 2010-003 which patches a vulnerability in Apple Type Services that can allow a maliciously crafted font to set up a little arbitrary code execution party.
Said party can be brought about simply by viewing or downloading a document embedded with such a font. Updates are available via Software Update.
For those that more regularly get their geek on, Cicso as issued a security advisory for Cisco Secure Desktop. It appears that there's a vulnerable (not in a twelve-year-old girl way, either) ActiveX control that might just allow an attacker to execute arbitrary code with the priviledges of the currently logged on user.
That can't be good.