-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA09-218A
Apple Updates for Multiple Vulnerabilities
Original release date: August 06, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 (Tiger)
and 10.5.7 (Leopard)
* Apple Mac OS X Server versions prior to
and including 10.4.11 (Tiger) and 10.5.7 (Leopard)
Overview
Apple has released Mac OS X v10.5.8 / Security Update 2009-003 to
correct multiple vulnerabilities affecting components of Apple Mac
OS X and Mac OS X Server. Attackers could exploit these
vulnerabilities to execute arbitrary code, gain access to sensitive
information, or cause a denial of service.
I. Description
Apple Mac OS X v10.5.8 / Security Update 2009-003 addresses a
number of vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. These updates also address vulnerabilities in other
vendors' products that ship with Apple Mac OS X or Mac OS X Server.
II. Impact
The impact of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. Solution
Install Apple Mac OS X v10.5.8 / Security Update 2009-003. These
and other updates are available via Software Update or via Apple
Downloads.
IV. References
* Security Update 2009-003 / Mac OS X v10.5.8 -
<http://support.apple.com/kb/HT3757>
* Mac OS X: Updating your software -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>
* Apple Downloads - <http://support.apple.com/downloads/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-218A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA09-218A Feedback VU#426517" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 06, 2009: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb
JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8
jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo
PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH
3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU
HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w==
=A6S1
-----END PGP SIGNATURE-----
