|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The specific flaw exists within the handling of the dref atom. It is possible for an attacker to nest atoms within the dref atom that have sizes larger than the enclosing atom. By leveraging this vulnerability, an attacker can execute arbitrary code in the context of the current user.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Tom Gallagher & Paul Bates