Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Wed, 13 May 2009 15:23:42 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-133A


Apple Updates for Multiple Vulnerabilities

   Original release date: May 13, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
     * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
     * Safari 3 for Windows,  Mac OS X 10.4, and Mac OS X 10.5


Overview

   Apple has released multiple Security Updates, 2009-002 / Mac OS X
   version 10.5.7 and Safari 3.2.3, to correct multiple
   vulnerabilities affecting Apple Mac OS X , Mac OS X Server, and the
   Safari web browser. Attackers could exploit these vulnerabilities
   to execute arbitrary code, gain access to sensitive information, or
   cause a denial of service.


I. Description

   Apple Security Update 2009-002 / Mac OS X v10.5.7 addresses a
   number of vulnerabilities affecting Apple Mac OS X and Mac OS X
   Server, the Safari security update addresses vulnerabilities
   affecting the Safari web browser (for Windows and OS X). These
   updates also address vulnerabilities in other vendors' products
   that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include arbitrary code execution, sensitive information disclosure,
   denial of service, or privilege escalation.


III. Solution

   Install Apple Security Update 2009-002 / Mac OS X v10.5.7, or
   Safari 3.2.3. These and other updates are available via Software
   Update or via Apple Downloads.


IV. References

 * Apple Security Update 2009-002 -
   <http://support.apple.com/kb/HT3549>

 * Safari 3.2.3 - <http://support.apple.com/kb/HT3550> 

 * Apple Downloads - <http://support.apple.com/downloads/>

 * Software Update -
   <https://support.apple.com/kb/HT1338?viewlocale=en_US>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA09-133A Feedback VU#175188" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV
HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/
Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy
J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV
vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ
xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA==
=dQ2L
-----END PGP SIGNATURE-----

Powered by:

MHonArc