Format string vulnerability in a number of Apple applications
At the end of their Month of Apple Bugs, Lance M. Havok (a.k.a. LMH) and Kevin Finisterre have pulled out all the stops and published four format-string vulnerabilities in Mac OS X applications. According to their report, the flaw is found in a number of functions provided by Apple's AppKit framework. Several applications use it incorrectly, resulting in security problems.
As a result, Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3 and iPhoto 6.0.5 crash when called with specially prepared file names. While it is reportedly very difficult to inject code through these holes because of a flaw in CoreFoundation that MOAB does not describe in any detail, it is apparently not impossible. No patch has yet been provided. In concluding the MOAB, the initiators announced one last hole in the Mac kernel that can be exploited remotely. They have not yet provided any additional details.
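The usage error described above, as an added C illustration (not code from Apple, the affected applications or the MOAB report): `show_alert` is a hypothetical stand-in for a printf-style framework call, and the file name is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a framework call whose message parameter is a
   printf-style format string followed by its arguments. Declaring such a
   function with the compiler's printf format attribute lets the compiler
   flag the misuse shown below. */
static int show_alert(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Incorrect use: the file name becomes the format string, so any '%'
   directive in it is interpreted and reads arguments that were never
   passed (undefined behaviour, typically a crash). */
int alert_open_failed_unsafe(char *out, size_t cap, const char *file_name)
{
    return show_alert(out, cap, file_name);
}

/* Correct use: constant format, file name passed as data. */
int alert_open_failed_safe(char *out, size_t cap, const char *file_name)
{
    return show_alert(out, cap, "Cannot open \"%s\"", file_name);
}

/* Review aid: count '%' directives a string would trigger if it were ever
   used as a format; "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char msg[128];
    const char *name = "clip_%s_%x.mov";   /* constructed sample name */
    alert_open_failed_safe(msg, sizeof msg, name);
    printf("%s (directives: %d)\n", msg, count_format_directives(name));
    return 0;
}
```

The unsafe variant is shown for comparison only and is deliberately not called from `main`.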
For an assessment of the Month of Apple Bugs and its possible effects, see this article at heise Security: