-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-350A
Apple Updates for Multiple Vulnerabilities
Original release date: December 15, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
Overview
Apple has released Security Update 2008-008 and Mac OS X version
10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X
and Mac OS X Server. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.
I. Description
Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6
address a number of vulnerabilities affecting Apple Mac OS X and
Mac OS X Server versions prior to and including 10.4.11 and 10.5.5.
The update also addresses vulnerabilities in other vendors'
products that ship with Apple Mac OS X or Mac OS X Server.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. Solution
Install Apple Security Update 2008-008 or Apple Mac OS X version
10.5.6. These and other updates are available via Software Update
or via Apple Downloads.
IV. References
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* About the security content of Security Update 2008-008 / Mac OS X
v10.5.6 -
<https://support.apple.com/kb/HT3338>
* Mac OS X: Updating your software -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>
* Apple Downloads - <http://support.apple.com/downloads/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA08-350A Feedback VU#901332" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 15, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK
g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2
ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon
Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d
fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE
ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==
=yvkk
-----END PGP SIGNATURE-----
