

Ftp(1) can be made to execute arbitrary commands by a malicious webserver - amlweems
http://www.openwall.com/lists/oss-security/2014/10/28/4

======
cmdrfred
This seems nasty, I don't use OSX but does this mean they are all vulnerable?

