[Original text] Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
Apple WebKit Safari Crafted PDF Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a user clicks on a PDF file in Safari, which bypasses the browser security checks. The flaw may allow arbitrary code execution via a specially crafted PDF file, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.