[原文]Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
Apple Safari Maliciously-crafted Rich Text File Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when clicking on a link in a maliciously-crafted rich text file in Safari, which bypasses regular browser security checks. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.