-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-275A Multiple Vulnerabilities in Apple and Adobe Products Original release date: October 02, 2006 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X version 10.3.9 and earlier (Panther) * Apple Mac OS X version 10.4.7 and earlier (Tiger) * Apple Mac OS X Server version 10.3.9 and earlier * Apple Mac OS X Server version 10.4.7 and earlier * Safari web browser * Adobe Flash Player 8.0.24 and earlier These vulnerabilities affect both Intel-based and PowerPC-based Apple systems. Overview Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update to correct multiple vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service. I. Description Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006. Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based Apple systems. This update addresses the vulnerabilities described in Apple Security Update 2006-006 for Intel-based Apple systems. This security update also addresses previously known vulnerabilities in Adobe Flash Player. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11. II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service. III. Solution Install updates Install Apple Security Update 2006-006. This and other updates are available via Apple Update or via Apple Downloads. Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8 Update (Intel) to receive the necessary security updates. IV. References * Vulnerability Notes for Apple Security Update 2006-006 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006> * About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 - <http://docs.info.apple.com/article.html?artnum=304460> * Mac OS X 10.4.8 Update (Intel) - <http://www.apple.com/support/downloads/macosx1048updateintel.html> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Apple Downloads - <http://www.apple.com/support/downloads/> * Vulnerability Notes for Adobe Security Bulletin APSB06-11 - <http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11> * Adobe Security Bulletin APSB06-11 - <http://www.adobe.com/support/security/bulletins/apsb06-11.html> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-275A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA06-275A Feedback VU#546772" in the subject. _________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History October 02, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg== =nP7Y -----END PGP SIGNATURE-----