CVE-2006-1442

Name of the Vulnerable Software and Affected Versions CoreFoundation in Apple Mac OS X versions 10.3.9 through 10.4.6

Description The issue allows attackers to execute arbitrary code from an untrusted bundle due to the bundle API in CoreFoundation loading dynamic libraries even if the client application has not directly requested it.

Recommendations For CoreFoundation in Apple Mac OS X versions 10.3.9 through 10.4.6, consider restricting the loading of dynamic libraries to only those that are explicitly requested by the client application as a temporary workaround until a patch is available.