Apple Mac OS X BOM Archive Expansion Arbitrary File Overwrite
Local Access Required
Loss of Integrity
Mac OS X contains a flaw that allows a remote attacker to overwrite arbitrary files outside of the destination directory when an archive is expanded. The issue is due to BOM not properly sanitizing user input, specifically directory-traversal-style paths that specify arbitrary files accessible to the user expanding the archive.
Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
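The class of check that archive expansion needs to stop the traversal described above, as an added example that is not Apple's code or part of the original entry. It assumes ZIP (Python's `zipfile`) as a stand-in container because the entry does not describe the BOM archive layout; the function names and the sample entries are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def escapes_destination(member_name: str, dest_dir: str) -> bool:
    """Return True if writing member_name under dest_dir would land outside it."""
    dest_real = os.path.realpath(dest_dir)
    # Joining with an absolute member name discards dest_dir, so absolute
    # paths fail the same containment test as "../" sequences.
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return os.path.commonpath([dest_real, target]) != dest_real


def expand_checked(archive_bytes: bytes, dest_dir: str):
    """Write only contained entries; return (written, rejected) name lists."""
    written, rejected = [], []
    dest_real = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue  # directories are created on demand below
            if escapes_destination(info.filename, dest_real):
                rejected.append(info.filename)
                continue
            target = os.path.join(dest_real, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and two that point outside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../../outside.txt", "traversal")
        zf.writestr("/tmp/absolute.txt", "absolute path")
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        print(expand_checked(build_sample_archive(), dest))
```

The check resolves each entry against the real destination path before any write, so an entry name that normalizes back inside the destination (for example `a/../b.txt`) is still accepted while one that climbs above it is rejected.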