US-CERT Technical Cyber Security Alert TA06-275A
Systems Affected
* Apple Mac OS X version 10.3.9 and earlier (Panther)
* Apple Mac OS X version 10.4.7 and earlier (Tiger)
* Apple Mac OS X Server version 10.3.9 and earlier
* Apple Mac OS X Server version 10.4.7 and earlier
* Safari web browser
* Adobe Flash Player 8.0.24 and earlier
These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.
Overview
Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update
to correct multiple vulnerabilities affecting Mac OS X, OS X Server,
Safari, Adobe Flash Player, and other products. The most serious of
these vulnerabilities may allow a remote attacker to execute arbitrary
code. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I. Description
Apple has released Security Update 2006-006 to address numerous
vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
Player, and other products.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006.
Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based
Apple systems. This update addresses the vulnerabilities described in
Apple Security Update 2006-006 for Intel-based Apple systems.
This security update also addresses previously known vulnerabilities
in Adobe Flash Player. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. Solution
Install updates
Install Apple Security Update 2006-006. This and other updates are
available via Apple Update or via Apple Downloads.
Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8
Update (Intel) to receive the necessary security updates.
IV. References
* Vulnerability Notes for Apple Security Update 2006-006
* About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006
* Mac OS X 10.4.8 Update (Intel)
* Mac OS X: Updating your software
* Apple Downloads
* Vulnerability Notes for Adobe Security Bulletin APSB06-11
* Adobe Security Bulletin APSB06-11
* Securing Your Web Browser
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage. Get Firefox Here.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices. My FAQs.
[This message was edited by Wiz Feinberg on 06 October 2006 at 04:13 PM.]
