Apple Updates for Multiple Vulnerabilities

Original release date: March 19, 2008
Last revised: --
Source: US-CERT

Systems Affected

• Apple Mac OS X versions prior to and including 10.4.11 and 10.5.2
• Apple Mac OS X Server versions prior to and including 10.4.11 and 10.5.1
• Apple Safari prior to 3.1, including both OS X and Windows versions

Overview

Apple has released the Apple Security Update 2008-002 and Apple Safari 3.1 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and Apple Safari. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, execute cross-site scripting attacks or cause a denial of service.

I. Description

Apple Security Update 2008-002 and Apple Safari 3.1 to address a number of vulnerabilities affecting Apple Mac OS X, OS X Server, and Safari. Further details are available in the US-CERT Vulnerability Notes Database.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, cross-site scripting, and denial of service.

III. Solution

Install updates from Apple

Install Apple Security Update 2008-002. These and other updates are available via Software Update or via Apple Downloads.

IV. References

• US-CERT Vulnerability Notes for Apple Security Update 2008-002 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_002>
• About the security content of Apple Security Update 2008-002 - <http://docs.info.apple.com/article.html?artnum=307562>
• About the security content of Safari 3.1 - <http://docs.info.apple.com/article.html?artnum=307563>
• Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>
• Apple Support - Downloads - <http://www.apple.com/support/downloads/>

---

Feedback can be directed to US-CERT.

---

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

March 19, 2008: Initial release