The first of the month of Apple bugs has been released today and it is a buffer overflow problem. Here is what they say about the bug:
A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.
We’ll see how the rest of them are and I’m excited as to how Apple will react to them, my guess is they will patch them rather quickly. Here is the web site.