October 2001

Vulnerability Found in New Mac OS-X Application Manager
 

DOE's Computer Incident Advisory Capability has issued a notice that a problem has been identified in the Macintosh application manager that allows a new process to start in the context of the front process. If the front process is a "suid" root application, the new process starts with root access. This problem, found on Apple Macintosh OS-X 10.1 and 10.0.x, represents a "medium" security risk in that normal users with physical access to a workstation can get root access.

Apple is making a patch available, and running Software Update after that time should automatically download the patch from Apple. The patch should also be on Apple's Security Update page by next week. If you are unable to get the patch, a workaround is to remove suid .app type applications or reset the suid bit on those applications. If you reset the suid bit, you must log in as root to run these applications.
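One way to carry out the workaround from a terminal, as an added example that is not part of the original notice or Apple's guidance: it lists setuid files owned by root inside .app bundles and, on request, clears the bit with `chmod u-s`. The function names and the `/Applications` default search root are assumptions.

```shell
#!/bin/sh
# Added example (not from the newsletter or from Apple): audit setuid
# executables inside .app bundles and optionally clear the setuid bit.
# Function names and the default search root are assumptions.

# list_suid_apps ROOT [UID]
# Print every regular file under ROOT that sits inside a *.app bundle, has
# the setuid bit set, and is owned by UID (default 0, i.e. root).
list_suid_apps() {
    find "$1" -type f -user "${2:-0}" -perm -4000 -path '*.app/*' \
        -print 2>/dev/null
}

# clear_suid_apps ROOT [UID]
# Clear the setuid bit on the same set of files. A path is printed only
# when chmod succeeded, so the output is a record of what was changed.
clear_suid_apps() {
    find "$1" -type f -user "${2:-0}" -perm -4000 -path '*.app/*' \
        -exec chmod u-s {} \; -print 2>/dev/null
}

# Command-line use: "audit [ROOT]" only reports, "clear [ROOT]" changes modes.
# With no argument the script does nothing, so it is safe to source.
case "${1:-}" in
    audit) list_suid_apps "${2:-/Applications}" ;;
    clear) clear_suid_apps "${2:-/Applications}" ;;
esac
```

Run the audit first and keep its output, since it is the list of applications whose setuid bit would need to be restored once the patch is installed. Clearing the bit on root-owned files requires root privileges.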

More information is available from Apple and this on-line article.


