Vulnerabilities range from high to critical, with the most severe relating to the media framework and possibly permitting a remote attacker to execute arbitrary code through a «crafted file.»
Apple has acknowledged that the new 10.3.2 update remedies URL handling through improved state management and stopped some books from executing arbitrarycode with root privileges.