Core Security Technologies Advisory - Apple OS X suffered from a sandbox predefined profiles bypass vulnerability. Several of the default pre-defined sandbox profiles do not properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.
a93c8053536e7abfedb811843ec4811b01921f6a36f6987012ab0bbdb0ab1c23