National Cyber Alert System
Technical Cyber Security Alert TA08-079A
Apple Updates for Multiple Vulnerabilities
Original release date: March 19, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.2
* Apple Mac OS X Server versions prior to and including 10.4.11
and
10.5.1
* Apple Safari prior to 3.1, including both OS X and
Windows
versions
Overview
Apple has released the Apple Security Update 2008-002 and Apple
Safari
3.1 to correct multiple vulnerabilities affecting Apple Mac OS X,
Mac
OS X Server, and Apple Safari. Attackers could exploit
these
vulnerabilities to execute arbitrary code, gain access to
sensitive
information, execute cross-site scripting attacks or cause a denial
of
service.
I. Description
Apple Security Update 2008-002 and Apple Safari 3.1 to address
a
number of vulnerabilities affecting Apple Mac OS X, OS X Server,
and
Safari. Further details are available in the US-CERT
Vulnerability
Notes Database.
II. Impact
The impacts of these vulnerabilities vary. Potential
consequences
include arbitrary code execution, sensitive information
disclosure,
cross-site scripting, and denial of service.
III. Solution
Install updates from Apple
Install Apple Security Update 2008-002. These and other updates
are
available via Software Update or via Apple Downloads.
IV. References
* US-CERT Vulnerability Notes for Apple Security Update 2008-002 -
* About the security content of Apple Security Update 2008-002 -
* About the security content of Safari 3.1 -
* Mac OS X: Updating your software -
* Apple Support Downloads -
_______________________________________________
ENT_CYBER_STF mailing list
ENT_CYBER_STF@listsmart.osl.state.or.us
http://listsmart.osl.state.or.us/mailman/listinfo/ent_cyber_stf
Hosted by the Oregon State Library (503)378-4246
Please use this contact for technical list questions only.
For informational questions related to message content, please contact the sender of the message, by phone or email.
No comments:
Post a Comment