Home / vulnerabilitiesPDF  

TA08-150A.txt

Posted on 30 May 2008
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-150A


Apple Updates for Multiple Vulnerabilities

Original release date: May 29, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Mac OS X prior to v10.5.3
* Mac OS X Server prior to v10.4.11

Overview

Apple has released Security Update 2008-003 and OS X version 10.5.3 to
correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. Attackers could exploit these vulnerabilities to execute
arbitrary code, gain access to sensitive information, or cause a
denial of service.

I. Description

Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3
address a number of vulnerabilities affecting Apple Mac OS X and OS X
Server versions prior to and including 10.4.11 and 10.5.2. Further
details are available in the US-CERT Vulnerability Notes Database. The
update also addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code.

III. Solution

Upgrade

Install Apple Security Update 2008-003 or Apple Mac OS X version
10.5.3. These and other updates are available via Software Update or
via Apple Downloads.

IV. References

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* About the security content of Security Update 2008-003 / Mac OS X
10.5.3 - <http://support.apple.com/kb/HT1897>

* Mac OS X: Updating your software -
<http://support.apple.com/kb/HT1338?viewlocale=en_US>

* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-150A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----

 

TOP

Malware :

Exploits :