-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-079A
Apple Updates for Multiple Vulnerabilities
Original release date: March 19, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.2
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.1
* Apple Safari prior to 3.1, including both OS X and Windows
versions
Overview
Apple has released the Apple Security Update 2008-002 and Apple Safari
3.1 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac
OS X Server, and Apple Safari. Attackers could exploit these
vulnerabilities to execute arbitrary code, gain access to sensitive
information, execute cross-site scripting attacks or cause a denial of
service.
I. Description
Apple Security Update 2008-002 and Apple Safari 3.1 to address a
number of vulnerabilities affecting Apple Mac OS X, OS X Server, and
Safari. Further details are available in the US-CERT Vulnerability
Notes Database.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
cross-site scripting, and denial of service.
III. Solution
Install updates from Apple
Install Apple Security Update 2008-002. These and other updates are
available via Software Update or via Apple Downloads.
IV. References
* US-CERT Vulnerability Notes for Apple Security Update 2008-002 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_002>
* About the security content of Apple Security Update 2008-002 -
<http://docs.info.apple.com/article.html?artnum=307562>
* About the security content of Safari 3.1 -
<http://docs.info.apple.com/article.html?artnum=307563>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple Support Downloads -
<http://www.apple.com/support/downloads/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-079A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA08-079A Feedback VU#766019" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
March 19, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR+FGcPRFkHkM87XOAQK4Owf/XOOgbik8hEhLWJ4JDcP4crvAEqkwYN1+
pqxpSds4aTp2a77DabWbX4CWZvOM9XUSeQU7SzFHYOXtJLQ8Rd0txac1O7plUeuM
W4r2TBdMIGFQfkWJWrQHnbbuA4Cx5M97N5j0CdycISdk2FPgJhQhfCh1GxQ9GcGI
RiNoozyYhXNtOXJzz8XGwTGrVyrxVqE4CPxWNmS4/5DixSlajao0U2TSNQ+1Fhp5
G8L0nGfCdGwpxL901XBWDTOAX/Gfa5O21qsbHR3UwjQynG4s4gbDufvTMLJa0va5
/s7y0KTJWFFDmdZ/s2uqRl4or8et1bYU6vDJhFzbSyKen+Zt0MduVw==
=z3hA
-----END PGP SIGNATURE-----
