A report by security service provider Core Security has, according to Mac OS X 10.5 (Leopard) a variant of the originally Jailbreakme gap has become known vulnerability on. Accordingly, we find the first of August in the iPhone found error in the handling of embedded fonts in the older, but still officially supported Mac OS X version. According to Core Security, an attacker via crafted PDF documents his code into a vulnerable computer and locks the user's rights start.

Apple is said to have confirmed the problem and are working on a fix. According to Core Security should be an update released by the end of October. Why Apple has not released it is not clear, after all, the manufacturer knows the last two months of the problem. Core wants its publication now apparently put pressure on Apple. Presumably, however, Mac OS X 10.5 anyway not be all too common. The current version of Mac OS X 10.6.x (Leopard) is not vulnerable.

The error description as it is a variation of the old hole in the FreeType library for handling character sets in the Compact Font Format (CFF). The variation is that on Mac OS X will take the FreeType font rendering engine Apple Type Services (ATS) are used. A negative offset value in a data structure can be exploited to run code to be copied into storage areas