National Cyber Alert System Technical Cyber Security Alert TA06-275A: Multiple Vulnerabilities in Apple and Adobe Products
5ed461803c9cb7d5e4c286b90864ac53794a47e7cdb3892f52746d42ada972ee
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-275A
Multiple Vulnerabilities in Apple and Adobe Products
Original release date: October 02, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.9 and earlier (Panther)
* Apple Mac OS X version 10.4.7 and earlier (Tiger)
* Apple Mac OS X Server version 10.3.9 and earlier
* Apple Mac OS X Server version 10.4.7 and earlier
* Safari web browser
* Adobe Flash Player 8.0.24 and earlier
These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.
Overview
Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update
to correct multiple vulnerabilities affecting Mac OS X, OS X Server,
Safari, Adobe Flash Player, and other products. The most serious of
these vulnerabilities may allow a remote attacker to execute arbitrary
code. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I. Description
Apple has released Security Update 2006-006 to address numerous
vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
Player, and other products.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006.
Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based
Apple systems. This update addresses the vulnerabilities described in
Apple Security Update 2006-006 for Intel-based Apple systems.
This security update also addresses previously known vulnerabilities
in Adobe Flash Player. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. Solution
Install updates
Install Apple Security Update 2006-006. This and other updates are
available via Apple Update or via Apple Downloads.
Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8
Update (Intel) to receive the necessary security updates.
IV. References
* Vulnerability Notes for Apple Security Update 2006-006 -
<https://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006>
* About the security content of the Mac OS X 10.4.8 Update and
Security Update 2006-006 -
<https://docs.info.apple.com/article.html?artnum=304460>
* Mac OS X 10.4.8 Update (Intel) -
<https://www.apple.com/support/downloads/macosx1048updateintel.html>
* Mac OS X: Updating your software -
<https://docs.info.apple.com/article.html?artnum=106704>
* Apple Downloads - <https://www.apple.com/support/downloads/>
* Vulnerability Notes for Adobe Security Bulletin APSB06-11 -
<https://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11>
* Adobe Security Bulletin APSB06-11 -
<https://www.adobe.com/support/security/bulletins/apsb06-11.html>
* Securing Your Web Browser -
<https://www.us-cert.gov/reading_room/securing_browser/#Safari>
_________________________________________________________________
The most recent version of this document can be found at:
<https://www.us-cert.gov/cas/techalerts/TA06-275A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<https://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn
Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY
my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY
gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep
fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ
ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==
=nP7Y
-----END PGP SIGNATURE-----