cyber attacks

If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package.

According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.