O site SecurityFocus e também no site da Apple Security um problema de seguraça no Mac OS X. O Problema, aparentemente, esta relacionado com os seguintes programas(extraído diretamente do site da Apple):
Mac OS X v10.4.7 Update
AFP
CVE-ID: CVE-2006-1468
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: File and folder names may be disclosed to unauthorized users
Description: An issue in AFP server allows search results to include the names of files and folders for which the user performing the search has no access. This could result in information disclosure if the names themselves are sensitive information. This update addresses the issue by ensuring that search results only include items for which the user is authorized. This issue does not affect systems prior to Mac OS X v10.4.
ClamAV
CVE-ID: CVE-2006-1989
Available for: Mac OS X Server v10.4.6
Impact: When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution
Description: An issue in ClamAV’s automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning, and automatic virus database updates are off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X v10.4.
ImageIO
CVE-ID: CVE-2006-1469
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: Viewing a maliciously-crafted TIFF image may result in an application crash or arbitrary code execution
Description: By carefully crafting a corrupt TIFF image, an attacker can trigger a stack-based buffer overflow which may result in an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. This issue does not affect systems prior to Mac OS X v10.4.
launchd
CVE-ID: CVE-2006-1471
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: Local users may gain elevated privileges
Description: A format string vulnerability in the setuid program launchd may allow an authenticated local user to execute arbitrary code with system privileges. The issue is present in launchd’s logging facility. This update addresses the issue by performing additional validation when logging messages. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
OpenLDAP
CVE-ID: CVE-2006-1470
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: Remote attackers may cause Open Directory server to crash
Description: By carefully crafting an invalid LDAP request, a remote attacker may be able to trigger an assertion in the OpenLDAP server, resulting in a denial-of-service. This update addresses the issue by discarding the invalid request. This issue does not affect systems prior to Mac OS X v10.4. Credit to the Mu Security research team for reporting this issue.
Esta sendo extremamente recomendado a atualização para o Mac OS X 10.4.7. Ainda, segundo o site do SecurityFocus alguns destes problema não precisam de exploit para serem usados mas aqui você pode pegar um exploit para o Lounch.