US-CERT Technical Cyber Security Alert TA08-150A -- Apple Updates for Multiple Vulnerabilities

30/05/08, US-CERT Technical Cyber Security Alert TA08-150A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA08-150A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>
Date: Thu, 29 May 2008 16:13:33 -0400
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        National Cyber Alert System
   
     Technical Cyber Security Alert TA08-150A


Apple Updates for Multiple Vulnerabilities

   Original release date: May 29, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Mac OS X prior to v10.5.3
     * Mac OS X Server prior to v10.4.11

Overview

   Apple has released Security Update 2008-003 and OS X version 10.5.3 to
   correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
   Server.  Attackers  could  exploit  these  vulnerabilities  to execute
   arbitrary  code,  gain  access  to  sensitive  information, or cause a
   denial of service.

I. Description

   Apple  Security  Update  2008-003  and  Apple  Mac OS X version 10.5.3
   address  a number of vulnerabilities affecting Apple Mac OS X and OS X
   Server  versions  prior  to  and including 10.4.11 and 10.5.2. Further
   details are available in the US-CERT Vulnerability Notes Database. The
   update  also addresses vulnerabilities in other vendors' products that
   ship with Apple OS X or OS X Server.

II. Impact

   A  remote,  unauthenticated  attacker may be able to execute arbitrary
   code.

III. Solution

Upgrade

   Install  Apple  Security  Update  2008-003  or  Apple Mac OS X version
   10.5.3.  These  and other updates are available via Software Update or
   via Apple Downloads.

IV. References

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>
     
 * About  the security content of Security Update 2008-003 / Mac OS X
   10.5.3 - <http://support.apple.com/kb/HT1897>
     
 * Mac OS X: Updating your software -
   <http://support.apple.com/kb/HT1338?viewlocale=en_US>
     
 * US-CERT  Vulnerability  Notes for Apple Security Update 2008-001 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>

 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-150A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

   Revision History

   May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----

Previous message sorted by date: US-CERT Technical Cyber Security Alert -- New US-CERT PGP Key
Next message sorted by date: US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability
Previous message sorted by thread: US-CERT Technical Cyber Security Alert -- New US-CERT PGP Key
Next message by thread: US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jun 2008