Apple Installer fails to properly handle package filename strings. It's a affected by a typical format string vulnerability, which can lead to a denial of service condition or arbitrary code execution.
- Apple Installer Package Filename Format String Vulnerability
- Petition Online: Assure OSX authentication dialog box authenticity
- Petition Online: Remove all admin->root authorization prompts from OSX
Also, many thanks to an anonymous supporter for donating to the project. We would like to note also that we don't endorse any actions taken against anyone who openly criticizes or disagrees with the project.