International Components for Unicode Invalid ISO Character Handling Vulnerability
The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences.
An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability.
NOTE: This BID was formerly titled 'Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability', but has been updated to better reflect the issue and the underlying vulnerable component.