More about Mac OS X LaunchServices Vulnerability
More info from Unsanity about the security hole recently found in Mac OS X, and why simply changing the protocol helper for 'help' URLs doesn't close it:
According to Jason: Apple's just released a Security Update that resolves the security vulnerability with Help Viewer. Unfortunately, that's all it resolves. The exploit I wrote that freaked me out enough to write Paranoid Android is still wide-open.