US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities

14/05/09, US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>
Date: Wed, 13 May 2009 15:23:42 -0400
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-133A


Apple Updates for Multiple Vulnerabilities

   Original release date: May 13, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
     * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
     * Safari 3 for Windows,  Mac OS X 10.4, and Mac OS X 10.5


Overview

   Apple has released multiple Security Updates, 2009-002 / Mac OS X
   version 10.5.7 and Safari 3.2.3, to correct multiple
   vulnerabilities affecting Apple Mac OS X , Mac OS X Server, and the
   Safari web browser. Attackers could exploit these vulnerabilities
   to execute arbitrary code, gain access to sensitive information, or
   cause a denial of service.


I. Description

   Apple Security Update 2009-002 / Mac OS X v10.5.7 addresses a
   number of vulnerabilities affecting Apple Mac OS X and Mac OS X
   Server, the Safari security update addresses vulnerabilities
   affecting the Safari web browser (for Windows and OS X). These
   updates also address vulnerabilities in other vendors' products
   that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include arbitrary code execution, sensitive information disclosure,
   denial of service, or privilege escalation.


III. Solution

   Install Apple Security Update 2009-002 / Mac OS X v10.5.7, or
   Safari 3.2.3. These and other updates are available via Software
   Update or via Apple Downloads.


IV. References

 * Apple Security Update 2009-002 -
   <http://support.apple.com/kb/HT3549>

 * Safari 3.2.3 - <http://support.apple.com/kb/HT3550> 

 * Apple Downloads - <http://support.apple.com/downloads/>

 * Software Update -
   <https://support.apple.com/kb/HT1338?viewlocale=en_US>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV
HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/
Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy
J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV
vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ
xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA==
=dQ2L
-----END PGP SIGNATURE-----

Previous message sorted by date: US-CERT Technical Cyber Security Alert TA09-132A -- Microsoft PowerPoint Multiple Vulnerabilities
Next message sorted by date: US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities
Previous message sorted by thread: US-CERT Technical Cyber Security Alert TA09-132A -- Microsoft PowerPoint Multiple Vulnerabilities
Next message by thread: US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2010