The Code execution vulns for both OSX and Win10 probably. In windows clicking a UNC path link would pass hashs. I believe for OSX there was an installer trick that allowed any code to run if triggered.
But those vulnerabilities were there, at least on OSX, because they were trying to avoid OSX's security warnings. And this is not the first time they've done something skanky like that.
Once may have been an honest mistake; 2+ times is now a pattern.
