In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.