CVE-2006-1443

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.3.9 through 10.4.6

Description The issue allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within certain API functions, including CFStringGetFileSystemRepresentation and getFileSystemRepresentation:maxLength:withPath in NSFileManager.

Recommendations For Apple Mac OS X versions 10.3.9 through 10.4.6, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the CFStringGetFileSystemRepresentation function and the getFileSystemRepresentation:maxLength:withPath method in NSFileManager until a patch is available. Avoid using these functions with untrusted input to minimize the risk of exploitation.