[原文]CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services.
Apple Mac OS X CoreGraphics Quartz Event Services Event Interception
Local Access Required
Loss of Integrity
Mac OS X contains a flaw that may allow a malicious user to observe and alter low-level user input events. The issue is triggered when "Enable access for assistive devices" is enabled, and Quartz Event Services can be used to intercept events. It is possible that the flaw may allow an attacker to modify user input resulting in a loss of integrity.
Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.