MAC Vulnerabilites and updates

Submitted by shanson on Fri, 05/30/2008 - 11:53am.

National Cyber Alert System

Technical Cyber Security Alert TA08-150A

Apple Updates for Multiple Vulnerabilities

Original release date: May 29, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Mac OS X prior to v10.5.3
* Mac OS X Server prior to v10.4.11

Overview

Apple has released Security Update 2008-003 and OS X version 10.5.3 to
correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
Server. Attackers could exploit these vulnerabilities to execute
arbitrary code, gain access to sensitive information, or cause a
denial of service.

I. Description

Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3
address a number of vulnerabilities affecting Apple Mac OS X and OS X
Server versions prior to and including 10.4.11 and 10.5.2. Further
details are available in the US-CERT Vulnerability Notes Database. The
update also addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code.

III. Solution

Upgrade

Install Apple Security Update 2008-003 or Apple Mac OS X version
10.5.3. These and other updates are available via Software Update or
via Apple Downloads.

IV. References

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* About the security content of Security Update 2008-003 / Mac OS X
10.5.3 - <http://support.apple.com/kb/HT1897>

* Mac OS X: Updating your software -
<http://support.apple.com/kb/HT1338?viewlocale=en_US>

* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-150A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>

Share with Shareomatic! Share with Shareomatic!

Reply

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Images can be added to this post.
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

To combat spam, please enter the code in the image.