AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to provileged applications.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0049)