Apple · Coretext · CVE-2014-1261
**Name of the Vulnerable Software and Affected Versions**
Apple OS X versions prior to 10.9.2
**Description**
The issue is related to an integer signedness error in CoreText, which allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. This can be achieved by using a crafted Unicode font.
**Recommendations**
For Apple OS X versions prior to 10.9.2, update to version 10.9.2 or later to resolve the issue.