Apple Updates for Multiple Vulnerabilities

Original release date: May 29, 2008
Last revised: --
Source: US-CERT

Systems Affected

• Mac OS X prior to v10.5.3
• Mac OS X Server prior to v10.4.11

Overview

Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3 address a number of vulnerabilities affecting Apple Mac OS X and OS X Server versions prior to and including 10.4.11 and 10.5.2. Further details are available in the US-CERT Vulnerability Notes Database. The update also addresses vulnerabilities in other vendors' products that ship with Apple OS X or OS X Server.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Upgrade

Install Apple Security Update 2008-003 or Apple Mac OS X version 10.5.3. These and other updates are available via Software Update or via Apple Downloads.

IV. References

• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
• About the security content of Security Update 2008-003 / Mac OS X 10.5.3 - <http://support.apple.com/kb/HT1897>
• Mac OS X: Updating your software - <http://support.apple.com/kb/HT1338?viewlocale=en_US>
• US-CERT Vulnerability Notes for Apple Security Update 2008-003 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>

---

Feedback can be directed to US-CERT.

---

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

May 29 2008: Initial release