Your source for indispensable Apple and Macintosh news, reviews, tips, and commentary since 1990.

 

Is it a Unicode Font?

To determine if your font is Unicode-compliant, with all its characters coded and mapped correctly, choose the Font in any program (or in Font Book, set the preview area to Custom (Preview > Custom), and type Option-Shift-2.

If you get a euro character (a sort of uppercase C with two horizontal lines through its midsection), it's 99.9 percent certain the font is Unicode-compliant. If you get a graphic character that's gray rounded-rectangle frame with a euro character inside it, the font is definitely not Unicode-compliant. (The fact that the image has a euro sign in it is only coincidental: it's the image used for any missing currency sign.)

This assumes that you're using U.S. input keyboard, which is a little ironic when the euro symbol is the test. With the British keyboard, for instance, Option-2 produces the euro symbol if it's part of the font.

Visit Take Control of Fonts in Leopard

Submitted by Sharon Zardetto

Share your own tip! | Search TipBITS

 

 

Recent TidBITS Talk Discussions
 

 

Related Articles

 

 

Published in TidBITS 931. Subscribe today to receive TidBITS in email every Monday.

 

 
Safe Computing | 29 May 2008 | Listen   | Print Printer-Friendly Version of This Article |

Security Update 2008-003 / Mac OS X 10.5.3 Fix Flaws

by Adam C. Engst

Apple has released Security Update 2008-003 for Mac OS X 10.4.11 to extend the security fixes included in Mac OS X 10.5.3 and Mac OS X Server 10.5.3 to systems running Mac OS X 10.4 Tiger. Most notable among the fixes is one that blocks the iCal vulnerability publicized recently by Core Security Services (see "Unpatched iCal Security Flaws Present Low Risk," 2008-05-22). The reason for Apple's foot-dragging on the iCal vulnerabilities is now clear - if Security Update 2008-003 had been the only release necessary, it could likely have happened on the schedule Apple originally promised. But coordinating a full update to Mac OS X 10.5.3 simultaneously is a much taller order, and Apple undoubtedly wanted to avoid releasing Security Update 2008-003 separately from Mac OS X 10.5.3 Update.

A wide variety of other vulnerabilities have been eliminated in this release, including the following. I list these not because anyone is likely to have encountered them, nor to scare everyone into updating (although that's a good idea). Instead, I'm providing the details to give a sense of just how many security vulnerabilities are found, reported, and patched on a regular basis. As much as there's no need to become paranoid, security really is a big deal in our increasingly networked world.

  • AFP Server now checks to make sure that a file or folder being served is inside a folder designated for sharing; previously a connected user could access files and folders for which permission was available, even if not contained within shared folders.
  • The Apache Web server in Mac OS X 10.4.11 is updated to version 2.0.63 to fix several vulnerabilities, including one that could lead to cross-site scripting. (Mac OS X 10.5 and Mac OS X Server 10.5 both ship with Apache 2.2.x.)
  • Applications like TextEdit that use AppKit are no longer vulnerable to arbitrary code execution from maliciously crafted files; this fix is necessary only for Mac OS X 10.4.11.
  • Apple Type Services and CoreGraphics now prevent crashes or arbitrary code execution stemming from opening a maliciously crafted PDF, or printing one containing a maliciously crafted embedded font.
  • Safari's SSL handling has been updated to prompt the user before responding to client certificate requests from Web servers; previously Safari merely sent the first client certificate in the keychain, which could have led to disclosure of sensitive information.
  • Mac OS X now alerts users to more potentially unsafe content types, including files used by Automator, Help, Safari, and Terminal.
  • Flash Player Plug-in 9.0.124.0 resolves multiple issues, some of which could lead to arbitrary code execution.
  • A fix in the International Components for Unicode prevents the disclosure of sensitive information caused by visiting a maliciously crafted Web site.
  • Image Capture now prevents information disclosure via its embedded Web server through improved URL handling, and also prevents a local user from manipulating files with the privileges of another user.
  • The Mac OS X kernel is no longer vulnerable to a remote system shutdown triggered by sending a maliciously crafted packet to a system configured to use IPsec or IPv6.
  • In Mac OS X 10.4, when sending mail through an SMTP server over IPv6, Mail could disclose sensitive information to message recipients and mail server administrators. Mail's uninitialized memory buffer could also have been exploited to cause crashes or arbitrary code execution.
  • The Mongrel HTTP server for Ruby is updated to version 1.1.4 to block a bug that could allow a remote attacker to read arbitrary files.

Security Update 2008-003 is most easily installed via Software Update because otherwise you must pick the right version to download: for the desktop versions of Mac OS X 10.4, choose either PowerPC (72 MB) or Intel (111 MB), and for Mac OS X Server, choose either PowerPC (88.9 MB) or Universal (118 MB).

Previous Article
Previous Article
Recommend This Article
-
Next Article
Related Articles
Top Articles in this Section
Microsoft's MacBU: Supporting Mac users with Office 2008.
Is your Office up-to-date? Make sure you're running the latest
versions of Word, Excel, PowerPoint, and Entourage by choosing
Check for Updates from the Help menu of any Office application!