Apple Mac OS X Launch Services Remote Security Bypass Vulnerability

Apple Mac OS X Launch Services Remote Security Bypass Vulnerability

Apple Mac OS X is prone to a remote security-bypass vulnerability that affects the Launch Services API.

An attacker can exploit this issue by enticing a user to download a malicious file and launch it without being warned. Successful exploits may bypass the security feature that displays a warning dialog box before executing malicious files from the quarantined directory.

This issue affects the following:

Mac OS X 10.6 and 10.6.1
Mac OS X Server 10.6 and 10.6.1

NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.