Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.
Apple Mac OS X CFBundleIdentifier Duplicate Bundle ID Widget Replacement
Remote / Network Access
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker creates a Dashboard widget with the same CFBundleIdentifier as an existing system widget, causing it to be loaded instead of the system widget. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.
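The duplicate-identifier condition described above can be audited by comparing the CFBundleIdentifier values of system and user widgets. The following is an added example, not code from Apple or from the original entry; the function names, the sample bundle identifiers and the constructed directory tree are assumptions for illustration, and on a real system the two arguments would be the system and per-user widget directories (typically /Library/Widgets and ~/Library/Widgets, which the entry itself does not name).

```python
import plistlib
import tempfile
from collections import defaultdict
from pathlib import Path

def widget_bundle_ids(widget_dir):
    """Map CFBundleIdentifier -> list of .wdgt bundle paths under widget_dir."""
    ids = defaultdict(list)
    for plist_path in sorted(Path(widget_dir).glob("*.wdgt/Info.plist")):
        try:
            with plist_path.open("rb") as fh:
                info = plistlib.load(fh)
            bid = info.get("CFBundleIdentifier", "<missing>")
        except Exception:
            bid = "<unparseable>"  # keep malformed plists visible, never skip silently
        ids[bid].append(plist_path.parent)
    return ids

def find_shadowed_widgets(system_dir, user_dir):
    """Return {bundle_id: (system_paths, user_paths)} for IDs present in both trees."""
    system_ids = widget_bundle_ids(system_dir)
    user_ids = widget_bundle_ids(user_dir)
    return {
        bid: (system_ids[bid], user_ids[bid])
        for bid in sorted(system_ids.keys() & user_ids.keys())
        if not bid.startswith("<")  # sentinel keys are not real identifiers
    }

def _make_widget(root, name, bundle_id):
    # Build a minimal constructed .wdgt bundle containing only an Info.plist.
    bundle = Path(root) / f"{name}.wdgt"
    bundle.mkdir(parents=True)
    with (bundle / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id, "MainHTML": "main.html"}, fh)

def demo():
    """Constructed sample tree: one user widget reuses a system widget's ID."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir, user_dir = Path(tmp, "system"), Path(tmp, "user")
        _make_widget(system_dir, "Calculator", "com.example.widget.calculator")
        _make_widget(system_dir, "Clock", "com.example.widget.clock")
        _make_widget(user_dir, "Freebie", "com.example.widget.calculator")
        _make_widget(user_dir, "Notes", "com.example.widget.notes")
        hits = find_shadowed_widgets(system_dir, user_dir)
        return {bid: [p.name for p in user] for bid, (_, user) in hits.items()}

if __name__ == "__main__":
    print(demo())
```

Any identifier the check reports means a user-installed bundle claims the identity of a system widget and should be inspected or removed before Dashboard is next loaded.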