Related information

Apple Mac OS X multiple security vulnerabilities

ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability

ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability

ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability

n.runs-SA-2009.001 - OS X CFNetwork advisory

From:	CERT <cert_(at)_cert.gov>
Date:	14.05.2009
Subject:	US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   National Cyber Alert System

             Technical Cyber Security Alert TA09-133A


Apple Updates for Multiple Vulnerabilities

  Original release date: May 13, 2009
  Last revised: --
  Source: US-CERT


Systems Affected

    * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
    * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.6 (Leopard)
    * Safari 3 for Windows,  Mac OS X 10.4, and Mac OS X 10.5


Overview

  Apple has released multiple Security Updates, 2009-002 / Mac OS X
  version 10.5.7 and Safari 3.2.3, to correct multiple
  vulnerabilities affecting Apple Mac OS X , Mac OS X Server, and the
  Safari web browser. Attackers could exploit these vulnerabilities
  to execute arbitrary code, gain access to sensitive information, or
  cause a denial of service.


I. Description

  Apple Security Update 2009-002 / Mac OS X v10.5.7 addresses a
  number of vulnerabilities affecting Apple Mac OS X and Mac OS X
  Server, the Safari security update addresses vulnerabilities
  affecting the Safari web browser (for Windows and OS X). These
  updates also address vulnerabilities in other vendors' products
  that ship with Apple Mac OS X or Mac OS X Server.


II. Impact

  The impacts of these vulnerabilities vary. Potential consequences
  include arbitrary code execution, sensitive information disclosure,
  denial of service, or privilege escalation.


III. Solution

  Install Apple Security Update 2009-002 / Mac OS X v10.5.7, or
  Safari 3.2.3. These and other updates are available via Software
  Update or via Apple Downloads.


IV. References

* Apple Security Update 2009-002 -
  <http://support.apple.com/kb/HT3549>

* Safari 3.2.3 - <http://support.apple.com/kb/HT3550>

* Apple Downloads - <http://support.apple.com/downloads/>

* Software Update -
  <https://support.apple.com/kb/HT1338?viewlocale=en_US>

____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in
  the subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2009 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History
 
 May 13, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV
HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/
Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy
J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV
vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ
xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA==
=dQ2L
-----END PGP SIGNATURE-----