Apple today shipped a patch to fix the drive-by download vulnerability used by Charlie Miller to hack a fully patched MacBook via the Safari browser. Miller s hack was part of this year s CanSecWest Pwn2Own contest. The actual vulnerability was not in Safari but in the way ATS (Apple Type Services) handles certain fonts. The issue affects Mac OS X v10.5.8, Mac. X. and Mac. OS X Server v.6.3.
Source: https://threatpost.com/apple-patches-pwn2own-flaw-hacked-safari-041410/73831/