US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnera

Web Server Talk > Server Security > CERT Security Announcements > US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnera

Last Thread Next Thread Next

US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnera

US-CERT

12-19-07 12:25 AM


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-352A


Apple Updates for Multiple Vulnerabilities

Original release date: December 18, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.1

These vulnerabilities affect both Intel and PowerPC platforms.

Overview

Apple has released Security Update 2007-009 to correct multiple
vulnerabilities affecting Apple Mac OS X and Mac OS X Server.
Attackers could exploit these vulnerabilities to execute arbitrary
code, gain access to sensitive information, surreptitiously initiate a
video conference, or cause a denial of service.

I. Description

Apple Security Update 2007-009 addresses a number of vulnerabilities
affecting Apple Mac OS X and OS X Server versions 10.4.11 and 10.5.1.
Further details are available in the related vulnerability notes.

The update addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar

II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.

III. Solution

Install updates from Apple

Install Apple Security Update 2007-009. This and other updates are
available via Software Update or via Apple Downloads.

IV. References

* Vulnerability notes for Apple Security Update 2007-009 -
<http://www.kb.cert.org/vuls/byid?se...=apple-2007-009>

* About Security Update 2007-009 -
<http://docs.info.apple.com/article.html?artnum=307179>

* Mac OS X: Updating your software - <http://docs.info.apple.com/article....r />
um=106704>

* Apple - Support - Downloads - <http://www.apple.com/support/downloads/>

 ________________________________________
_________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-352A.html>
 ________________________________________
_________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
 ________________________________________
_________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ________________________________________
_________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
 ________________________________________
_________________________

Revision History

December 18, 2007: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

 iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2
IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
 Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc
5Z4dg7osMPe7Lco7vVfMvoZG
 IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1o
DZd46GH+JvkYLgLCmkMSwIcs
 Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk
9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]