Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14529
HistoryOct 03, 2006 - 12:00 a.m.

US-CERT Technical Cyber Security Alert TA06-275A -- Multiple Vulnerabilities in Apple and Adobe Products

2006-10-0300:00:00
vulners.com
16
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    National Cyber Alert System

              Technical Cyber Security Alert TA06-275A

Multiple Vulnerabilities in Apple and Adobe Products

Original release date: October 02, 2006
Last revised: –
Source: US-CERT

Systems Affected

 * Apple Mac OS X version 10.3.9 and earlier (Panther)
 * Apple Mac OS X version 10.4.7 and earlier (Tiger)
 * Apple Mac OS X Server version 10.3.9 and earlier
 * Apple Mac OS X Server version 10.4.7 and earlier
 * Safari web browser
 * Adobe Flash Player 8.0.24 and earlier

These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.

Overview

Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update
to correct multiple vulnerabilities affecting Mac OS X, OS X Server,
Safari, Adobe Flash Player, and other products. The most serious of
these vulnerabilities may allow a remote attacker to execute arbitrary
code. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.

I. Description

Apple has released Security Update 2006-006 to address numerous
vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
Player, and other products.

Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006.

Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based
Apple systems. This update addresses the vulnerabilities described in
Apple Security Update 2006-006 for Intel-based Apple systems.

This security update also addresses previously known vulnerabilities
in Adobe Flash Player. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.

II. Impact

The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.

III. Solution

Install updates

Install Apple Security Update 2006-006. This and other updates are
available via Apple Update or via Apple Downloads.

Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8
Update (Intel) to receive the necessary security updates.

IV. References

 * Vulnerability Notes for Apple Security Update 2006-006 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006>

 * About the security content of the Mac OS X 10.4.8 Update and
   Security Update 2006-006 -
   <http://docs.info.apple.com/article.html?artnum=304460>

 * Mac OS X 10.4.8 Update (Intel) -
   <http://www.apple.com/support/downloads/macosx1048updateintel.html>

 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>

 * Apple Downloads - <http://www.apple.com/support/downloads/>

 * Vulnerability Notes for Adobe Security Bulletin APSB06-11 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11>

 * Adobe Security Bulletin APSB06-11 -
   <http://www.adobe.com/support/security/bulletins/apsb06-11.html>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-275A.html>

Feedback can be directed to US-CERT Technical Staff. Please send
email to <[email protected]> with "TA06-275A Feedback VU#546772" in the
subject.

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html&gt;

Revision History

October 02, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn
Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY
my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY
gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep
fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ
ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==
=nP7Y
-----END PGP SIGNATURE-----

JSON