Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA08-350A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Mon, 15 Dec 2008 17:19:43 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA08-350A


Apple Updates for Multiple Vulnerabilities

   Original release date: December 15, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
     * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)


Overview

   Apple has released Security Update 2008-008 and Mac OS X version
   10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X
   and Mac OS X Server. Attackers could exploit these vulnerabilities
   to execute arbitrary code, gain access to sensitive information, or
   cause a denial of service.


I. Description

   Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6
   address a number of vulnerabilities affecting Apple Mac OS X and
   Mac OS X Server versions prior to and including 10.4.11 and 10.5.5.
   The update also addresses vulnerabilities in other vendors'
   products that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include arbitrary code execution, sensitive information disclosure,
   denial of service, or privilege escalation.


III. Solution

   Install Apple Security Update 2008-008 or Apple Mac OS X version
   10.5.6. These and other updates are available via Software Update
   or via Apple Downloads.


IV. References

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * About the security content of Security Update 2008-008 / Mac OS X
   v10.5.6 -
   <https://support.apple.com/kb/HT3338>

 * Mac OS X: Updating your software -
   <https://support.apple.com/kb/HT1338?viewlocale=en_US>

 * Apple Downloads - <http://support.apple.com/downloads/>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA08-350A Feedback VU#901332" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2008 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  December 15, 2008: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK
g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2
ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon
Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d
fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE
ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==
=yvkk
-----END PGP SIGNATURE-----

Powered by:

MHonArc