So, one of the features that’s been in the WebKit tree for a while but finally showed up in Safari today is downloadable font support. You can use CSS to apply a specific font to an element and Safari will download the font from a URL provided.

That’s really cool, but the odds of an exploitable buffer overflow somewhere in the font rendering pipeline have to be almost 100%. I mean, almost every graphics format has had multiple exploitable bugs on every platform, and I can’t see how a complete OpenType renderer can be any less complex than JPEG. Even worse, this is a new attack vector, against a part of the system that wasn’t part of the security perimeter before. Is there a way to turn this off?