Apple Finder fails to properly handle malformed .DS_Store files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
.DS_Store files are hidden files used by Apple Finder to control the display of a folder and its contents.
According to Apple Security Advisory 2006-007:
_A heap buffer overflow may be triggered when the Finder is used to browse a directory containing a corrupt ".DS_Store" file. By enticing a user to browse a directory containing a maliciously-crafted ".DS_Store" file, an attacker may be able to trigger the overflow. This could lead to an application crash or arbitrary code execution with the privileges of the user running Finder. ".DS_Store" files may be included in archives, on disk images, and on network file systems._
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Apple Finder.
Apply Apple Updates
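
Because the advisory notes that ".DS_Store" files may be included in archives, a mail or download gateway can flag or strip them before a user browses the extracted folder in Finder. The following is an added example, not part of the advisory or Apple's guidance; the function names and the sample archive are assumptions constructed for illustration, and matching is by file name only, not by file content.

```python
import io
import posixpath
import tarfile
import zipfile

TARGET = ".ds_store"  # compared case-insensitively; Mac volumes are usually case-insensitive

def is_ds_store(member_name: str) -> bool:
    """True if the final path component of an archive member is .DS_Store."""
    name = member_name.replace("\\", "/").rstrip("/")
    return posixpath.basename(name).lower() == TARGET

def find_ds_store(data: bytes) -> list:
    """Return names of .DS_Store members in a zip or tar archive held in memory."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if is_ds_store(n)]
    try:
        # "r:*" lets tarfile detect gzip/bz2/xz compression transparently
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            return [m.name for m in tf.getmembers() if is_ds_store(m.name)]
    except tarfile.TarError:
        raise ValueError("not a zip or tar archive") from None

def strip_ds_store_zip(data: bytes) -> bytes:
    """Rebuild a zip without its .DS_Store members; other entries are copied."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if not is_ds_store(info.filename):
                dst.writestr(info, src.read(info))
    return out.getvalue()

def constructed_zip() -> bytes:
    """Constructed sample: placeholder bytes, not a real or malformed .DS_Store."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/readme.txt", "hello")
        zf.writestr("photos/.DS_Store", b"placeholder")
        zf.writestr("photos/sub/.ds_store", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = constructed_zip()
    print("flagged:", find_ds_store(sample))
    print("after strip:", find_ds_store(strip_ds_store_zip(sample)))
```

This covers only the archive vector; disk images and network file systems, which the advisory also names, need their own checks.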