libarchive in Apple OS X prior to 10.11.1 allows malicious users to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
apple mac os x