US-CERT Technical Cyber Security Alert TA08-350A -- Apple Updates for Multiple Vulnerabilities

0 views
Skip to first unread message

US-CERT

unread,
Dec 15, 2008, 5:20:19 PM12/15/08
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA08-350A


Apple Updates for Multiple Vulnerabilities

Original release date: December 15, 2008
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)


Overview

Apple has released Security Update 2008-008 and Mac OS X version
10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X
and Mac OS X Server. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.


I. Description

Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6
address a number of vulnerabilities affecting Apple Mac OS X and
Mac OS X Server versions prior to and including 10.4.11 and 10.5.5.
The update also addresses vulnerabilities in other vendors'
products that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.


III. Solution

Install Apple Security Update 2008-008 or Apple Mac OS X version
10.5.6. These and other updates are available via Software Update
or via Apple Downloads.


IV. References

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* About the security content of Security Update 2008-008 / Mac OS X
v10.5.6 -
<https://support.apple.com/kb/HT3338>

* Mac OS X: Updating your software -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>

* Apple Downloads - <http://support.apple.com/downloads/>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <ce...@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

December 15, 2008: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK
g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2
ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon
Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d
fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE
ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==
=yvkk
-----END PGP SIGNATURE-----

Reply all
Reply to author
Forward
0 new messages