CVE-2010-4010

Name of the Vulnerable Software and Affected Versions Apple Mac OS X version 10.5.8

Description The issue is related to an integer signedness error in Apple Type Services (ATS), which can be exploited by remote attackers to execute arbitrary code. This can be achieved by using a crafted embedded Compact Font Format (CFF) font in a document.

Recommendations For Apple Mac OS X version 10.5.8, consider avoiding the use of embedded CFF fonts in documents until a fix is available. As a temporary workaround, restrict the opening of documents from untrusted sources to minimize the risk of exploitation.