-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-150A
Apple Updates for Multiple Vulnerabilities
Original release date: May 29, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Mac OS X prior to v10.5.3
* Mac OS X Server prior to v10.4.11
Overview
Apple has released Security Update 2008-003 and OS X version 10.5.3 to
correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. Attackers could exploit these vulnerabilities to execute
arbitrary code, gain access to sensitive information, or cause a
denial of service.
I. Description
Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3
address a number of vulnerabilities affecting Apple Mac OS X and OS X
Server versions prior to and including 10.4.11 and 10.5.2. Further
details are available in the US-CERT Vulnerability Notes Database. The
update also addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server.
II. Impact
A remote, unauthenticated attacker may be able to execute arbitrary
code.
III. Solution
Upgrade
Install Apple Security Update 2008-003 or Apple Mac OS X version
10.5.3. These and other updates are available via Software Update or
via Apple Downloads.
IV. References
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* About the security content of Security Update 2008-003 / Mac OS X
10.5.3 - <http://support.apple.com/kb/HT1897>
* Mac OS X: Updating your software -
<http://support.apple.com/kb/HT1338?viewlocale=en_US>
* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-150A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
