I told you a few weeks ago that at the Pwn2Own contest Charlie Miller, a famous IT security expert, managed to exploit the iPhone 4 with an exploit found in the Safari browser. The same Safari browser, but the desktop version, a license a hacker to exploit the Mac OS X operating system in just a few seconds in the same contest. Mac OS X 10.6.7 is available since yesterday and solves no less than 56 vulnerabilities of the operating system and related applications, including bugs in Safari plus one more bug that Charlie Miller didn't get to show at Pwn2Own.
Several in that class resided in Apple Type Services (ATS), the operating system's font renderer, and could be exploited using malicious documents embedded with specially-crafted fonts. Of those four vulnerabilities, two were reported by researchers from Apple's rival Google. Other drive-by attacks could be launched using malformed files exploiting six vulnerabilities in Mac OS X's ImageIO component, another five in QuickTime and two in QuickLook, the operating system's document preview tool.
Few expected Apple to release a new version of Mac OS X so quickly, but the company probably wanted to cover the vulnerabilities in the old version of Mac OS X as quickly as possible. The same thing could happen with iOS 4.3.1 a whose release was announced the other day. According to that rumor, iOS 4.3.1 should be available in iTunes in the next 2 weeks and should block the iPad 2 jailbreak plus a few other operating system bugs. Considering that Apple hastened the release of Mac OS X 10.6.7, it is possible to witness a similar situation in the case of iOS.
