AppKit | Characters entered into a secure text field can be read by other applications in the same window session. |
AppKit, ImageIO | Viewing a maliciously-crafted GIF or TIFF image may lead to arbitrary code execution. |
BOM | Expanding an archive may lead to arbitrary code execution. |
BOM | Expanding a malicious archive may cause arbitrary files to be created or overwritten. |
CFNetwork | Visiting malicious web sites may lead to arbitrary code execution. |
ClamAV | Processing maliciously crafted email messages with ClamAV may lead to arbitrary code execution. |
CoreFoundation | Registration of an untrusted bundle may lead to arbitrary code execution. |
CoreFoundation | String conversions to file system representation may lead to arbitrary code execution. |
CoreGraphics | Characters entered into a secure text field can be read by other applications in the same window session. |
Finder | Launching an Internet location item may lead to arbitrary code execution. |
FTPServer | FTP operations by authenticated FTP users may lead to arbitrary code execution. |
Flash Player | Playing Flash content may lead to arbitrary code execution. |
ImageIO | Viewing a maliciously crafted JPEG image may lead to arbitrary code execution. |
Keychain | An application may be able to use Keychain items when the Keychain is locked. |
LaunchServices | Viewing a malicious web site may lead to arbitrary code execution. |
libcurl | URL handling in libcurl may lead to arbitrary code execution. |
Mail | Viewing a malicious mail message may lead to arbitrary code execution. (Two fixes.) |
MySQL Manager | MySQL database may be accessed with an empty password. |
Preview | Navigating a maliciously crafted directory hierarchy may lead to arbitrary code execution. |
QuickDraw | Viewing a maliciously crafted PICT image may lead to arbitrary code execution. |
QuickTime Streaming Server | A malformed QuickTime movie can cause QuickTime Streaming Server to crash. |
QuickTime Streaming Server | Maliciously crafted RTSP requests may lead to crashes or arbitrary code execution. |
Ruby | Ruby safe level restrictions may be bypassed. |
Safari | Visiting malicious web sites may lead to file manipulation or arbitrary code execution. |
Good work, Apple.