I might note that, unlike what is suggested in the advisory, it is possible to exploit this issue, you just have to know a bit how MacOSX implements some standard functions, and use them right. I will not disclose any pof before Apple security upgrade, hence it is trivial to get remote code execution to work for any guy knowing its stuff well. (i suspect the way this advisory was written because it indeed gives some hidden hints about it ... )
kr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
