We are also told that Apple has a patch that would fix the bug, but will not release it.
Security researchers at CoreLabs Research warned others that the bug exists on November 8, and although Apple have had a working patch as of October 22, they failed to meet their dates without “any notice or explanation.”
The patch was to be deployed with a Mac OS 10.5 Security Update, scheduled for the week of October 25, and then moved the date of the release to a week later without any warning.
The bug, which has been assigned as CVE-2010-1797 does not affect 10.6, so upgrading to the latest version is highly recommended.
Also See: Apple UK Store skips Friday sales